How to get the information related to NICs configured in the SUSE 15.5 OS?

sid_fultariya · September 26, 2023, 6:24pm

Hello everyone,
I am trying to monitor the logs written into the system at boot time for a 15.5 SUSE Linux VM in order to gain information about the NICs (Network Interface Cards) configured into the system. This can be obtained using the dmesg or journalctl command but these require root privileges. Therefore, I am looking for the file in which these logs are stored and trying to read them directly. In my system, I discovered that these logs are stored in the /var/log/boot.msg file, however, some of the online articles and forums say that boot.msg and boot.log files have been deprecated. Also, it is not mentioned in this document listing the system log files in a SUSE environment.

Can someone shed some light on this? Has the boot.msg file has been deprecated and if yes, are there any other log files that I can use that store this information, or is there any other command that can be executed without root privileges to get this NICs-related information?

Thank you in advance!

mrmazda · September 26, 2023, 6:58pm

> inxi -Sz
System:
  Kernel: 5.14.21-150500.55.19-default arch: x86_64 bits: 64 Desktop: KDE
    v: 3.5.10 Distro: openSUSE Leap 15.5
> dmesg | tail
[  373.829360] CIFS: VFS: Invalid date, month 0 day: 0
[  373.829374] CIFS: VFS: Invalid date, month 0 day: 0
[  373.829389] CIFS: VFS: Invalid date, month 0 day: 0
[  373.829404] CIFS: VFS: Invalid date, month 0 day: 0
[  373.829419] CIFS: VFS: Invalid date, month 0 day: 0
[  373.829433] CIFS: VFS: Invalid date, month 0 day: 0
[  466.252707] CIFS: VFS: bogus file nlink value 0
[  466.265905] CIFS: VFS: bogus file nlink value 0
[43997.915048] perf: interrupt took too long (2529 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
[71278.420780] perf: interrupt took too long (3175 > 3161), lowering kernel.perf_event_max_sample_rate to 63000
> journalctl -b --no-hostname | tail
Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.
Sep 25 14:46:18 dbus-daemon[994]: [session uid=1050 pid=994] Activating via systemd: service name='org.freedesktop.impl.portal.PermissionStore' unit='xdg-permission-store.service' requested by ':1.20' (uid=1050 pid=2777 comm="/usr/lib/xdg-document-portal ")
Sep 25 14:46:18 systemd[976]: Starting sandboxed app permission store...
Sep 25 14:46:18 dbus-daemon[994]: [session uid=1050 pid=994] Successfully activated service 'org.freedesktop.impl.portal.PermissionStore'
Sep 25 14:46:18 systemd[976]: Started sandboxed app permission store.
Sep 25 14:46:18 dbus-daemon[994]: [session uid=1050 pid=994] Successfully activated service 'org.freedesktop.portal.Documents'
Sep 25 14:46:18 systemd[976]: Started flatpak document portal service.
Sep 25 14:46:18 xdg-desktop-por[2773]: No skeleton to export
Sep 25 14:46:18 systemd[976]: Started Portal service.
Sep 26 14:42:10 systemd[976]: Starting Cleanup of User's Temporary Files and Directories...
Sep 26 14:42:10 systemd[976]: Finished Cleanup of User's Temporary Files and Directories.
>

No requirement to be root here.

hcvv · September 26, 2023, 7:06pm

I do not think they do.

boven:/var/log # l /usr/bin/journalctl
-rwxr-xr-x 1 root root 76048 Aug 17 06:32 /usr/bin/journalctl*
boven:/var/log #

As you see, everybody can read and execute it.

But the files it handles (even if only showing) can only be read by the owner of those files root.

boven:/var/log # l messages-20230916.xz
-rw-r----- 1 root root 327636 Sep 15 22:34 messages-20230916.xz
boven:/var/log #

as are most files there.

Thus any other program, being it cat or and editor or whatever will not be able to read them when not being executed as a root owned process (or by others belonging to the ‘root’ group). Seems logical to me. You protect those files against normal user access or not, independent of the tool used.

rawar · September 26, 2023, 7:33pm

Just follow the journalctl hint:

Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.

and add group systemd-journal to your user that should have full read access to the journal,

hendersj · September 26, 2023, 8:39pm

What specific information are you looking for? It’s entirely possible that the info you’re looking for can be obtained in places other than in log files.

Without knowing what specific information you want, it’s hard to describe how to obtain it.

sid_fultariya · September 27, 2023, 1:14pm

Actually, the end goal is to create a script that allows all types of users to collect information on the hardware components of the system. In order to get the information about the NIC type, I used the following command:

dmesg | grep -i ‘NIC’

This command works for all the users in Centos and older versions of Ubuntu, however, it seems that higher privileges are required to run the same command in SUSE Linux distributions as I face the following error in a newly created user in SUSE Linux:

Output from the Centos:

[devuser@co7-50-7-214 ~]$ dmesg | grep -i ‘NIC’
[ 1.283260] VMware vmxnet3 virtual NIC driver - version 1.4.17.0-k-NAPI
[ 1.284769] vmxnet3 0000:03:00.0 eth0: NIC Link is Up 10000 Mbps
[ 4.249812] vmxnet3 0000:03:00.0 ens160: NIC Link is Up 10000 Mbps

Output from the SUSE 15.5 using root privilege:

dev_user@suse15-50-3-170:/root> sudo dmesg | grep -i ‘NIC’
[ 5.466168] VMware vmxnet3 virtual NIC driver - version 1.5.0.0-k-NAPI
[ 5.468485] vmxnet3 0000:0b:00.0 eth0: NIC Link is Up 10000 Mbps
[ 7.277652] vmxnet3 0000:0b:00.0 eth0: NIC Link is Up 10000 Mbps

Output from the SUSE 15.5 with the newly created user (non-root):

dev_user@suse15-50-3-170:/root> dmesg
dmesg: read kernel buffer failed: Operation not permitted

Kindly let me know if you have any alternative that allows me to retrieve the above-mentioned information without requiring any additional permissions or capabilities for the normal user. Also, please let me know if a specific set of capabilities or permissions is required for normal users to get this information.

malcolmlewis · September 27, 2023, 1:41pm

@sid_fultariya there is ip a and /sbin/lspci -nnk | grep -EA 3 "Ethernet" and as indicated, inxi which you can download the script and put in you $HOME bin directory.

hendersj · September 27, 2023, 6:23pm

dmesg is restricted now for security reasons - my guess is that it was determined that exposing information about the system to just any user allows an attacker to enumerate devices and do other things that could be used to compromise the system.

I found this: linux - dmesg: read kernel buffer failed: Permission denied - Unix & Linux Stack Exchange

Which points to this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842226

Chasing this a bit further (since this is debian, though I found posts about this for arch and other distros), the dmesg man page points to syslog(2), which explains:

       All commands except 3 and 10 require privilege.  In Linux kernels before Linux 2.6.37, command types 3 and  10  are
       allowed to unprivileged processes; since Linux 2.6.37, these commands are allowed to unprivileged processes only if
       /proc/sys/kernel/dmesg_restrict  has  the value 0.  Before Linux 2.6.37, "privileged" means that the caller has the
       CAP_SYS_ADMIN capability.  Since Linux 2.6.37, "privileged" means that the caller has either the CAP_SYS_ADMIN  ca‐
       pability (now deprecated for this purpose) or the (new) CAP_SYSLOG capability.

See the syslog(2) manpage for details about the specifics.