FreeNAS and the Freak Warnings

I have a FreeNAS fileserver at home for backups and whatever. There’s a system job that runs nightly to look at the security logs and alert me if something’s wrong, for instance, if someone attempted to log in and used an incorrect password. For as long as this box has been alive, I’d occasionally get emails like this:

bigbox.lan login failures:
Nov  6 22:12:14 bigbox sshd[722]: Failed password for root from 192.168.1.50 port 41002 ssh2
-- End of security output --

These are fine, usually, because sometimes I get things wrong. However, I’d occasionally get these even if I know for a fact I haven’t logged in at all. The source address is my desk workstation, and I know I didn’t make the session attempt. This gives me great cause for concern. Grave concern. Has somebody broken into my workstation and is trying to reach out?

So a few weeks ago I set up an iptables rule on my workstation to log the TCP SYN packet of every outbound SSH attempt:

iptables -A OUTPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "ssh_outbound "

This makes records like this in /var/log/syslog:

Nov  1 23:30:12 workstation kernel: [1473867.997608] ssh_outbound IN= OUT=enp3s0 SRC=192.168.1.50 DST=192.168.1.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20475 DF PROTO=TCP SPT=53594 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

So when I got another alert this morning, I grepped my syslog and found absolutely nothing. Is the issue less nefarious than I feared? Is it a misconfiguration somewhere? So what’s going on?

Having had enough, I looked at my FreeNAS security log. It’s about 51KB and contains lots of entries. The entry triggering this morning’s alert is there. But it’s also followed by future dates. Future dates? Ah-hah! The stupid security logging daemon doesn’t store the year in the timestamps, and logwatcher doesn’t know it! This is an alert from last year! So why are old records still hanging around?

FreeNAS has a version of logrotate called newsyslog which gets its config from /etc/newsyslog.conf, which itself has the following entry for auth.log:

# logfilename     [owner:group]    mode count size when  flags [/pid_file] [sig_num]
/var/log/auth.log                  600  7     100  *     JC

Huh. So the asterisk (*) means to not look at time when rotating the log, only the file size. Well, since the file’s not 100KB yet, it will sit until it is. This file is 4 years old! Wacky! So my fix is to change the asterisk to “$M1D0”, meaning monthly, day 1, regardless of size.

Now I only have a few more future alerts to look forward to until December starts and the log is rotated. I think I can live with that and rest a little more peacefully.

Hooray! We did it! We solved Blues Clues!
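The root cause above is that year-less syslog timestamps in a log that never rotates let last year's "Nov  6" match this year's nightly report. The following is an added example, not part of the original post or of FreeNAS: it infers the missing year from file order and flags entries that only look recent. The sample lines, the year 2018 and the function names are constructed for illustration, and it assumes chronological order, English month names and no gap longer than a year between entries.

```python
from datetime import datetime

def parse_stamp(line, year):
    """Parse the year-less 'Mon dd HH:MM:SS' syslog prefix with an assumed year."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def infer_years(lines, now):
    """Return (datetime, line) pairs, newest line anchored at or before `now`."""
    year, newer, out = now.year, now, []
    for line in reversed(lines):
        ts = None
        # Bounded search backwards; also steps past non-leap years for Feb 29.
        for y in range(year, year - 8, -1):
            try:
                cand = parse_stamp(line, y)
            except ValueError:
                continue
            if cand <= newer:  # must not be later than the line that follows it
                ts, year = cand, y
                break
        if ts is None:
            continue  # prefix is not a syslog timestamp, skip the line
        out.append((ts, line))
        newer = ts
    out.reverse()
    return out

def stale_hits(lines, day, now):
    """Lines whose month/day match `day` but whose inferred year does not."""
    return [line for ts, line in infer_years(lines, now)
            if (ts.month, ts.day) == (day.month, day.day) and ts.year != day.year]

# Constructed sample: an unrotated auth.log spanning a New Year.
SAMPLE = """\
Nov  6 22:12:14 bigbox sshd[722]: Failed password for root from 192.168.1.50 port 41002 ssh2
Dec 20 08:01:33 bigbox sshd[911]: Accepted publickey for root from 192.168.1.50 port 50122 ssh2
Mar  3 19:45:10 bigbox sshd[1290]: Failed password for root from 192.168.1.50 port 38810 ssh2
Oct 30 07:15:02 bigbox sshd[2044]: Accepted publickey for root from 192.168.1.50 port 44718 ssh2
""".splitlines()
NOW = datetime(2018, 11, 7, 3, 0)  # constructed time of the nightly run

if __name__ == "__main__":
    for hit in stale_hits(SAMPLE, NOW.replace(day=6), NOW):
        print("stale (not from the reported day):", hit)
```
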

Spicy Sriracha Popcorn

Here’s a favorite spicy snack where I make popcorn at home with the traditional stovetop method. To me, stovetop is superior to a microwave bag, and I know exactly what goes into it. I’ve experimented to make a few different flavors and toppings, and made a spicy sriracha mix that I love and is a crowd-pleaser.

A single batch fills my 5-quart pot up to the lid after popping (your mileage may vary).

Ingredients for one batch of 5 quarts:

  • whole popcorn kernels
  • canola oil (or your preference)
  • 1/4 stick real butter
  • 1/2 tbsp sriracha sauce – either fresh generic or Huy Fong brand
  • 1/2 tbsp crushed red pepper
  • black pepper – fresh-ground to taste
  • salt – table or sea salt, to taste
  • 5 quart pot with lid
  • large container for tossing and serving
  • small ceramic cup for melting and mixing butter
  • measuring spoons

Pour enough oil in the pot to cover half of the bottom; this is really only for heat transfer between the pot and kernels, so you don’t need a lot. Drop a single kernel in the oil, place pot on burner over medium heat, and cover pot with lid (glass lids are great).

Once the first kernel pops, the oil is hot enough. Carefully pour enough kernels to cover the bottom of the pot with a single layer. Replace lid.

Now’s time to make the butter sauce. Softly melt the butter however you need (small dish in microwave on short 15-second bursts until melted is fine). Once melted, pour in the sriracha and red pepper and stir well. The popcorn might already be starting to pop.

I have a large, flat plastic container with lid that I use to toss the popcorn; a large open bowl should work, too. Pour the butter mix in a large line in the middle. You might pour a healthy amount of salt and black pepper on top of this butter to taste. When the popping is done (10 seconds or so between pops), take the popcorn off the stove and pour it into the mixing/serving container. Close the lid, roll, and shake the popcorn around to make sure the butter coats everything.

Queue up your next movie and enjoy!

Speaker

My job at this point of my 47-year game is to get drunk to the point of pointing out bullshit in the world, but not where you’d expect. There are levels beneath the levels, that’s where I’m at.

Come at me, bro. Come at me, sis. Come at me, CIS. Whatever. Whatever. It’s 2:10am on a school night. WHAT.

Never trust a man with a bottle of gin and an Internet connection, is what I’m sayin’.

Under the Hoodie

It’s hoodie weather, everyone!

The hoodie is easily my most useful garment (aside from pants).

  • warm
  • dark colors
  • instant cloak
  • obscures my spare tire
  • keeps the cold off my neck
  • secret zip-up bib for slurping noodles
  • sleeves useful for operating public doorknobs
  • kangaroo pockets for carrying tools or hiding hands
  • disguises the fact that I’ve worn the same shirt three days in a row
  • broadcasts to the world exactly which socioeconomic class I align to, since most professional grownups wear coats and cardigans

See? Useful!