X7ROOT File Manager
Current Path:
/usr/libexec/ipsec
usr
/
libexec
/
ipsec
/
📁
..
📄
_import_crl
(154.26 KB)
📄
_keycensor
(1.38 KB)
📄
_plutorun
(2.98 KB)
📄
_secretcensor
(1.86 KB)
📄
_stackmanager
(14 KB)
📄
_unbound-hook
(1.97 KB)
📄
_updown
(4.23 KB)
📄
_updown.klips
(18.3 KB)
📄
_updown.netkey
(23.31 KB)
📄
addconn
(210.56 KB)
📄
algparse
(345.43 KB)
📄
auto
(5.74 KB)
📄
barf
(11.82 KB)
📄
cavp
(346.02 KB)
📄
enumcheck
(85.1 KB)
📄
eroute
(93.81 KB)
📄
klipsdebug
(69.61 KB)
📄
look
(4.2 KB)
📄
newhostkey
(3.23 KB)
📄
pf_key
(69.18 KB)
📄
pluto
(1.37 MB)
📄
readwriteconf
(182.2 KB)
📄
rsasigkey
(159.04 KB)
📄
setup
(5.58 KB)
📄
show
(3.46 KB)
📄
showhostkey
(159.3 KB)
📄
spi
(346.27 KB)
📄
spigrp
(85.76 KB)
📄
tncfg
(130.14 KB)
📄
verify
(12.04 KB)
📄
whack
(137.93 KB)
Editing: barf
#! /bin/sh # dump assorted information of use in debugging # Copyright (C) 1998, 1999 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # LC_ALL=C export LC_ALL LOGS=${LOGS-/var/log} me="ipsec barf" # Max lines to use for things like 'route -n' maxlines=100 # kludge to produce no barf output mentioning policygroups if none are present. # This will not catch ".file" policygroups. PREPOLICIES=/etc/ipsec.d/policies if [ `ls $PREPOLICIES 2> /dev/null | wc -l` -ne 0 ] then POLICIES=$PREPOLICIES fi # message patterns that start relevant parts of logs fstart='Starting Libreswan' pstart='Starting Pluto' case "$1" in --help) echo "Usage: ipsec barf" ; exit 0 ;; --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; --maxlines) maxlines=$2; shift;; esac # log-location guesser, results in $findlog_file and $findlog_startline # Fine point: startline is the *last* line containing "string", or # failing that, the *first* line containing "fallbackstring". findlog() { # findlog string fallbackstring possiblefile ... s="$1" shift t="$1" shift # try the suggested files first for f in $* do if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$s" $LOGS/$f then # aha, this one has it findlog_file=$LOGS/$f findlog_startline=`egrep -n "$s" $LOGS/$f | sed -n '$s/:.*//p'` return 0 fi done for f in $* do if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f then # aha, this one has it findlog_file=$LOGS/$f findlog_startline=`egrep -n "$t" $LOGS/$f | sed -n '1s/:.*//p'` return 0 fi done # nope, resort to a search, newest first, of uncompressed logs for f in `ls -t $LOGS | egrep -v lastlog | egrep -v tmp | egrep -v '^mail' | egrep -v '\.(gz|Z)$'` do if test -f $LOGS/$f -a ! -d $LOGS/$f && egrep -q "$s" $LOGS/$f then # found it findlog_file=$LOGS/$f findlog_startline=`egrep -n "$s" $LOGS/$f | sed -n '$s/:.*//p'` return 0 fi done for f in `ls -t $LOGS | egrep -v lastlog | egrep -v tmp | egrep -v '^mail' | egrep -v '\.(gz|Z)$'` do if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f then # found it findlog_file=$LOGS/$f findlog_startline=`egrep -n "$t" $LOGS/$f | sed -n '1s/:.*//p'` return 0 fi done # echo "$0: unable to find $LOGS/$1 or local equivalent" >&2 findlog_file=/dev/null findlog_startline=1 # arbitrary } if test ! -x /usr/bin/journalctl then # no systemd, need to figure out log file location findlog "$fstart" "klips" messages syslog auth.log daemon.log if test " $findlog_file" = " /dev/null" then echo "Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration." fi klog=$findlog_file kline=$findlog_startline findlog "$pstart" "Pluto" secure auth.log daemon.log debug if test " $findlog_file" = " /dev/null" then echo "Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration." fi plog=$findlog_file pline=$findlog_startline fi # /lib/modules examiner modulegoo() { set +x for d in `ls /lib/modules` do if test -d /lib/modules/$d then f=/lib/modules/$d/$1 if test -f $f then nm -g $f | egrep "$2" else echo fi | sed "s;^;$d: ;" fi done set -x } # advanced shell deviousness to get dividers into output _________________________() { $2 # something to do nothing and not echo anything } exec 2>&1 # stderr on stdout, so errors go into main output hostname ; date set -x _________________________ version ipsec --version _________________________ /proc/version cat /proc/version _________________________ /proc/net/ipsec_eroute if test -r /proc/net/ipsec_eroute then sort -sg -k 3 /proc/net/ipsec_eroute || cat /proc/net/ipsec_eroute fi _________________________ netstat-rn netstat -nr|head -n $maxlines _________________________ /proc/net/ipsec_spi if test -r /proc/net/ipsec_spi then cat /proc/net/ipsec_spi fi _________________________ /proc/net/ipsec_spigrp if test -r /proc/net/ipsec_spigrp then cat /proc/net/ipsec_spigrp fi _________________________ /proc/net/ipsec_tncfg if test -r /proc/net/ipsec_tncfg then cat /proc/net/ipsec_tncfg fi _________________________ /proc/net/pfkey if test -r /proc/net/pfkey then cat /proc/net/pfkey _________________________ ip-xfrm-state ip xfrm state _________________________ ip-xfrm-policy ip xfrm policy _________________________ ip-xfrm-stats cat /proc/net/xfrm_stat fi _________________________ ip-l2tp-tunnel if test -d /sys/module/l2tp_core then ip l2tp show tunnel _________________________ ip-l2tp-session ip l2tp show session fi if test -d /sys/module/ip_vti then ip -s tunnel show _________________________ ip-tunnel ip -s tunnel show fi _________________________ /proc/crypto if test -r /proc/crypto then cat /proc/crypto fi # not visible on my 2.6 system #_________________________ /proc/net/pf_key-star #( cd /proc/net && egrep '^' pf_key_* ) __________________________/proc/sys/net/core/xfrm-star for i in /proc/sys/net/core/xfrm_* do echo -n "$i: " cat $i done _________________________ /proc/sys/net/ipsec-star if test -d /proc/sys/net/ipsec then ( cd /proc/sys/net/ipsec && egrep '^' * ) fi _________________________ ipsec/status ipsec whack --status _________________________ ifconfig-a ifconfig -a _________________________ ip-addr-list ip addr list _________________________ ip-route-list ip route list _________________________ ip-rule-list ip rule list _________________________ ipsec_verify ipsec verify --nocolour _________________________ mii-tool if [ -x /sbin/mii-tool ] then /sbin/mii-tool -v elif [ -x /usr/sbin/mii-tool ] then /usr/sbin/mii-tool -v else mii-tool -v fi _________________________ ipsec/directory ipsec --directory _________________________ hostname/fqdn hostname --fqdn _________________________ hostname/ipaddress hostname --ip-address _________________________ uptime uptime _________________________ ps # -i ppid picks up the header ps alxwf | egrep -i 'ppid|pluto|ipsec|klips' _________________________ ipsec/conf ipsec readwriteconf --config /etc/ipsec.conf | ipsec _keycensor _________________________ ipsec/secrets cat /etc/ipsec.secrets | ipsec _secretcensor _________________________ ipsec/listall ipsec whack --listall _________________________ nss/contents certutil -L -d sql:/etc/ipsec.d _________________________ nss/crls crlutil -L -d sql:/etc/ipsec.d if [ $POLICIES ] then for policy in $POLICIES/*; do base=`basename $policy`; _________________________ ipsec/policies/$base cat $policy done fi _________________________ ipsec/ls-execdir ls -l $IPSEC_EXECDIR _________________________ /proc/net/dev cat /proc/net/dev _________________________ /proc/net/route cat /proc/net/route _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc cat /proc/sys/net/ipv4/ip_no_pmtu_disc _________________________ /proc/sys/net/ipv4/ip_forward cat /proc/sys/net/ipv4/ip_forward _________________________ /proc/sys/net/ipv4/tcp_ecn cat /proc/sys/net/ipv4/tcp_ecn _________________________ /proc/sys/net/ipv4/conf/star-rp_filter ( cd /proc/sys/net/ipv4/conf && egrep '^' */rp_filter ) _________________________ /proc/sys/net/ipv4/conf/star-star-redirects ( cd /proc/sys/net/ipv4/conf && egrep '^' */*redirects ) _________________________ /proc/sys/net/ipv4/tcp_window_scaling cat /proc/sys/net/ipv4/tcp_window_scaling _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale cat /proc/sys/net/ipv4/tcp_adv_win_scale _________________________ uname-a uname -a _________________________ config-built-with if test -r /proc/config_built_with then cat /proc/config_built_with fi _________________________ distro-release for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release do if test -f $distro then cat $distro fi done _________________________ /proc/net/ipsec_version if test -r /proc/net/ipsec_version then cat /proc/net/ipsec_version else if test -r /proc/net/pfkey then echo "NETKEY (`uname -r`) support detected " else echo "no KLIPS or NETKEY support detected" fi fi _________________________ iptables if test -e /proc/net/ip_tables_names then if test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save then iptables-save --modprobe=/dev/null else if test -r /sbin/iptables -o -r /usr/sbin/iptables then iptables -L -v -n _________________________ iptables-nat grep ^nat /proc/net/ip_tables_names > /dev/null 2>/dev/null && iptables -t nat -L -v -n _________________________ iptables-mangle grep ^mangle /proc/net/ip_tables_names > /dev/null 2>/dev/null && iptables -t mangle -L -v -n fi fi fi _________________________ ip6tables if test -e ip6_tables_names then if test -r /sbin/ip6tables-save -o -r /usr/sbin/ip6tables-save then ip6tables-save --modprobe=/dev/null else if test -r /sbin/ip6tables -o -r /usr/sbin/ip6tables then test -e /proc/net/ip_tables_names && ip6tables -L -v -n # There is no IPv6 NAT yet (hopefully that will remain so) _________________________ ip6tables-mangle grep ^mangle /proc/net/ip6_tables_names > /dev/null 2>/dev/null && ip6tables -t mangle -L -v -n fi fi fi _________________________ /proc/modules if test -f /proc/modules then cat /proc/modules else echo "kernel without module support" fi _________________________ /proc/meminfo cat /proc/meminfo #obsolete? not on my klips system #_________________________ dev/ipsec-ls #ls -l /dev/ipsec* _________________________ /proc/net/ipsec-ls if test -f /proc/net/ipsec_version then ls -l /proc/net/ipsec_* fi _________________________ usr/src/linux/.config if test -f /proc/config.gz then zcat /proc/config.gz | egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM' elif test -f /lib/modules/`uname -r`/build/.config then cat /lib/modules/`uname -r`/build/.config | egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM' else echo "no .config file found, cannot list kernel properties" fi _________________________ etc/syslog.conf _________________________ etc/syslog-ng/syslog-ng.conf cat /etc/syslog-ng/syslog-ng.conf cat /etc/syslog.conf _________________________ etc/resolv.conf cat /etc/resolv.conf _________________________ lib/modules-ls ls -ltr /lib/modules _________________________ fipscheck cat /proc/sys/crypto/fips_enabled _________________________ /proc/ksyms-netif_rx if test -r /proc/ksyms then egrep netif_rx /proc/ksyms else if test -r /proc/kallsyms then egrep netif_rx /proc/kallsyms else echo "broken (redhat/fedora) 2.6 kernel without kallsyms" fi fi _________________________ lib/modules-netif_rx modulegoo kernel/net/ipv4/ipip.o netif_rx _________________________ kern.debug if test -f $LOGS/kern.debug then tail -100 $LOGS/kern.debug fi _________________________ klog dmesg | egrep -i "klips|ipsec" _________________________ plog if test -x /usr/bin/journalctl then journalctl -u ipsec.service --no-pager --since "1 hour ago" | case "$1" in --short) tail -500 ;; *) cat ;; esac else sed -n $pline,'$'p $plog | egrep -i 'pluto' | case "$1" in --short) tail -500 ;; *) cat ;; esac fi _________________________ date date
Upload File
Create Folder