I also have had nothing access /dev/random in the last 48 hours.
I wrote a simple script to log available entropy every 10 seconds and ran
it for 36 hours. I had a maximum of 2043 and a minimum of 132, the graph
being quite erratic.
I suppose the question really is what's a sensible minimum level to be
happy?
On 16 March 2016 at 15:22, Roger Light <roger@???> wrote:
> Hi,
>
> I've not had any output from the systemtap script so I don't believe
> anything has accessed /dev/random since my last email. I'm running
> exim4, spamd, php-fpm, sshd, nginx amongst others.
>
> Same caveat as before - I might have missed something important.
>
> Cheers,
>
> Roger
>
>
>
>
> On Mon, Mar 14, 2016 at 11:23 AM, Roger Light <roger@???> wrote:
> > Hi,
> >
> > I listened to some of the ubuntu podcast on the way in to work this
> > morning and they mentioned the util "fatrace". Turns out you can't use
> > the fanotify functions with /dev, but I've managed to figure out a
> > good way of doing this.
> >
> > Assuming you've got SystemTap (kernel probing functionality, see at
> > the end of the email) installed, then try:
> >
> > sudo stap random_read.stp
> >
> > where random_read.stp looks like:
> >
> > probe kernel.function("random_read").call
> > {
> > printf("%s[%d] len:%d\n", execname(), tid(), $nbytes)
> > }
> >
> > This will print out the executable name, process id and number of
> > bytes requested each time a process reads from /dev/random. You can
> > verify it with e.g.
> >
> > dd if=/dev/random of=/dev/null count=1
> >
> > FWIW, whilst I was testing I was using urandom_read instead and exim
> > was reading from there, not from random_read. ymmv. The only thing
> > I've seen so far is "dd" :) I'll leave it running and report back if I
> > spot anything.
> >
> > This is the first time I've played with systemtap and I may have
> > missed something. I'm not sure that the ".call" should be there for
> > example.
> >
> > Cheers,
> >
> > Roger
> >
> >
> >
> > Installation notes for ubuntu:
> >
> > apt-get install systemtap
> >
> > # Install kernel debug symbols, this is less optimal than it could be.
> > See
> https://wiki.ubuntu.com/Kernel/Systemtap#Where_to_get_debug_symbols_for_kernel_X.3F
> >
> > codename=$(lsb_release -c | awk '{print $2}')
> > sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
> > deb http://ddebs.ubuntu.com/ ${codename} main restricted universe
> > multiverse
> > deb http://ddebs.ubuntu.com/ ${codename}-security main restricted
> > universe multiverse
> > deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted
> > universe multiverse
> > deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted
> > universe multiverse
> > EOF
> >
> > sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
> ECDCAD72428D7C01
> > sudo apt-get update
> > sudo apt-get install linux-image-$(uname -r)-dbgsym
> >
> >
> >
> > On Mon, Mar 14, 2016 at 10:24 AM, Andy Smith <andy@???> wrote:
> >> On Mon, Mar 14, 2016 at 10:22:28AM +0000, Andy Smith wrote:
> >>> $ sudo strace -o open -p $(pgrep exim4) 2>&1 | grep random
> >>
> >> Hmm, maybe need a -ff on that to follow forks…
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.10 (GNU/Linux)
> >>
> >> iEYEAREDAAYFAlbmkVMACgkQIJm2TL8VSQuUkgCfdFHtYhq/iJsa3HXykeVA73GH
> >> gDMAn13IDR+rDx63BHFGp2HnGuJbTgEE
> >> =j5zJ
> >> -----END PGP SIGNATURE-----
> >>
> >> _______________________________________________
> >> users mailing list
> >> users@???
> >> https://lists.bitfolk.com/mailman/listinfo/users
> >>
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
--
Robert Gauld
http://www.robertgauld.co.uk
