View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions GRSec and the AJAX Console
Log in to Ask a Question

GRSec and the AJAX Console

general

I successfully compiled linux 2.6.32-23-grsec on ubuntu and have it booted. But now my Linode AJAX console is not giving me a prompt. I still see kernel messages being printed to the console, specifically ones from boot and GRSec but I have no login prompt. Anyone have any idea what's going on? I obviously assume GRSec did something to restrict tty's or something, but haven't found any info on it yet.

9 Replies

Can you get in via LISH?

Erm, that's exactly what doesn't work, obs.

Probably the kernel either re-labeled console device again, or he doesn't have hvc0 in the inittab or some kind of grsec-specific access file.

Draven, was your previous kernel the "stable" 2.6.18.x or one of the "recent" 2.6.32?

And check out your inittab, or whatever equivalent is used by ubuntu nowadays, to make sure you spawn a getty on hvc0.

@rsk:

Erm, that's exactly what doesn't work, obs.

Ajax console and lish aren't quite the same, lish involves ssh and is a darn sight better…ajax is sometimes just plain crappy just wanted to make sure it wasn't an issue with the ajax bit.

Ajax frontends to lish, obs… you connect via ajax to console-.linode.com which then executes ssh linodeXXXXX@cityXX.linode.com for you. Rest is the same. Sure, ajaxterm's VT100 emulation may be subpar, but if he sees console messages and no login prompt, it's 95% chance that he has no getty on hvc0.

Technically there wasn't a previous kernel. This is a brand new install so the only other kernel I was on was the paravirt latest. And that was long enough to compile my own vanilla kernel with grsec. And yes, LiSH is also effected by this problem.

https://help.ubuntu.com/community/SerialConsoleHowto

Follow only the "Configuring the console login process" part for your version, replacing all instances of "ttyS0" with "hvc0". Ignore the rest of article.

If still doesn't work after 'start hvc0' / 'telinit q' as appropriate and not even after reboot, try again with tty1 instead of hvc0. But you should have entries for that one already.

Bingo, works now! Its a bit sluggish though. Not the super speed it used to have. Is there something more specific I need to do since this isn't an actual serial connection?

Currently using

> exec /sbin/getty -L 115200 hvc00 vt102

Knew it! :P

Actually, it is an emulated serial console. But you may want to try cranking down from 115200 to 38400 - may actually work better. Also, did you really put in 'hvc00' not 'hvc0'? And if so, why?

What else… my getty for hvc0 doesn't have terminal type specified… you may try deleting vt102, and/or using vt100 instead.

PS. No guarantees for any of these making things better… lish always was kinda laggy to me. It's meant to be an emergency access panel, so it's tolerable, IMO.

Good luck!

Oops, no it's "hvc0" not "hvc00". No speed difference with vt102 or vt100 or the baud rate. Oh well, at least I have my console back. Thanks again!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct