This file is indexed.

/usr/lib/ipsec/barf is in openswan 1:2.6.37-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
#! /bin/sh
# dump assorted information of use in debugging
# Copyright (C) 1998, 1999  Henry Spencer.
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#

LC_ALL=C export LC_ALL

LOGS=${LOGS-/var/log}
CONFS=${IPSEC_CONFS-/etc}
CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec.d}
me="ipsec barf"
# Max lines to use for things like 'route -n'
maxlines=100

# kludge to produce no barf output mentioning policygroups if none are present.
# This will not catch ".file" policygroups. 
PREPOLICIES=${CONFDDIR}/policies
if [ `ls $PREPOLICIES 2> /dev/null | wc -l` -ne 0 ]
then
	POLICIES=$PREPOLICIES
fi

# message patterns that start relevant parts of logs
fstart='Starting Openswan'
pstart='Starting Pluto subsystem'

case "$1" in
--help)		echo "Usage: ipsec barf" ; exit 0	;;
--version)	echo "$me $IPSEC_VERSION" ; exit 0	;;
--maxlines)     maxlines=$2; shift;;
esac

# log-location guesser, results in $findlog_file and $findlog_startline
# Fine point:  startline is the *last* line containing "string", or
# failing that, the *first* line containing "fallbackstring".
findlog() {		# findlog string fallbackstring possiblefile ...
	s="$1"
	shift
	t="$1"
	shift
	# try the suggested files first
	for f in $*
	do
		if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$s" $LOGS/$f
		then
			# aha, this one has it
			findlog_file=$LOGS/$f
			findlog_startline=`egrep -n "$s" $LOGS/$f |
				sed -n '$s/:.*//p'`
			return 0
		fi
	done
	for f in $*
	do
		if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f
		then
			# aha, this one has it
			findlog_file=$LOGS/$f
			findlog_startline=`egrep -n "$t" $LOGS/$f |
				sed -n '1s/:.*//p'`
			return 0
		fi
	done
	# nope, resort to a search, newest first, of uncompressed logs
	for f in `ls -t $LOGS | egrep -v '^mail' | egrep -v '\.(gz|Z)$'`
	do
		if test -f $LOGS/$f -a ! -d $LOGS/$f && egrep -q "$s" $LOGS/$f
		then
			# found it
			findlog_file=$LOGS/$f
			findlog_startline=`egrep -n "$s" $LOGS/$f |
				sed -n '$s/:.*//p'`
			return 0
		fi
	done
	for f in `ls -t $LOGS | egrep -v '^mail' | egrep -v '\.(gz|Z)$'`
	do
		if test -s $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f
		then
			# found it
			findlog_file=$LOGS/$f
			findlog_startline=`egrep -n "$t" $LOGS/$f |
				sed -n '1s/:.*//p'`
			return 0
		fi
	done
# 	echo "$0: unable to find $LOGS/$1 or local equivalent" >&2
	findlog_file=/dev/null
	findlog_startline=1		# arbitrary
}

# try to guess where logs are
findlog "$fstart" "klips" messages syslog auth.log daemon.log
if test " $findlog_file" = " /dev/null" 
then
echo "Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration."
fi
klog=$findlog_file
kline=$findlog_startline

findlog "$pstart" "Pluto" secure auth.log daemon.log debug
if test " $findlog_file" = " /dev/null" 
then
echo "Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration."
fi 
plog=$findlog_file
pline=$findlog_startline

# /lib/modules examiner
modulegoo() {
	set +x
	for d in `ls /lib/modules`
	do
		if test -d /lib/modules/$d
		then
			f=/lib/modules/$d/$1
			if test -f $f
			then
				nm -g $f | egrep "$2"
			else
				echo
			fi | sed "s;^;$d: ;"
		fi
	done
	set -x
}

# advanced shell deviousness to get dividers into output
_________________________() {
	$2	# something to do nothing and not echo anything
}

exec 2>&1		# stderr on stdout, so errors go into main output

hostname ; date
set -x
_________________________ version
ipsec --version
_________________________ /proc/version
cat /proc/version
_________________________ /proc/net/ipsec_eroute
if test -r /proc/net/ipsec_eroute
then
	sort -sg -k 3 /proc/net/ipsec_eroute || cat /proc/net/ipsec_eroute
fi
_________________________ netstat-rn
netstat -nr|head -n $maxlines
_________________________ /proc/net/ipsec_spi
if test -r /proc/net/ipsec_spi
then
	cat /proc/net/ipsec_spi
fi
_________________________ /proc/net/ipsec_spigrp
if test -r /proc/net/ipsec_spigrp
then
	cat /proc/net/ipsec_spigrp
fi
_________________________ /proc/net/ipsec_tncfg
if test -r /proc/net/ipsec_tncfg
then
	cat /proc/net/ipsec_tncfg
fi
_________________________ /proc/net/pfkey
if test -r /proc/net/pfkey
then
	cat /proc/net/pfkey
_________________________ ip-xfrm-state
	ip xfrm state
_________________________ ip-xfrm-policy
	ip xfrm policy
fi
_________________________ /proc/crypto
if test -r /proc/crypto
then
	cat /proc/crypto
fi
# not visible on my 2.6 system
#_________________________ /proc/net/pf_key-star
#( cd /proc/net && egrep '^' pf_key_* )
__________________________/proc/sys/net/core/xfrm-star
for i in /proc/sys/net/core/xfrm_*
do
	echo -n "$i: "
	cat $i
done
_________________________ /proc/sys/net/ipsec-star
if test -d /proc/sys/net/ipsec
then
	( cd /proc/sys/net/ipsec && egrep '^' * )
fi
_________________________ ipsec/status
ipsec auto --status
_________________________ ifconfig-a
ifconfig -a
_________________________ ip-addr-list
ip addr list
_________________________ ip-route-list
ip route list
_________________________ ip-rule-list
ip rule list
_________________________ ipsec_verify
ipsec verify --nocolour
_________________________ mii-tool
if [ -x /sbin/mii-tool ] 
then
    /sbin/mii-tool -v
elif [ -x /usr/sbin/mii-tool ] 
then
    /usr/sbin/mii-tool -v
else
    mii-tool -v
fi
_________________________ ipsec/directory
ipsec --directory
_________________________ hostname/fqdn
hostname --fqdn
_________________________ hostname/ipaddress
hostname --ip-address
_________________________ uptime
uptime
_________________________ ps
# -i ppid picks up the header
ps alxwf | egrep -i 'ppid|pluto|ipsec|klips'
_________________________ ipsec/showdefaults
ipsec showdefaults
_________________________ ipsec/conf
ipsec _include $CONFS/ipsec.conf | ipsec _keycensor
_________________________ ipsec/secrets
ipsec _include $CONFS/ipsec.secrets | ipsec _secretcensor
_________________________ ipsec/listall
ipsec auto --listall
if [ $POLICIES ]
then
	for policy in $POLICIES/*; do base=`basename $policy`;
	   _________________________ ipsec/policies/$base
	   cat $policy
	done
fi
_________________________ ipsec/ls-libdir
ls -l ${IPSEC_LIBDIR-/usr/local/lib/ipsec}
_________________________ ipsec/ls-execdir
ls -l ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}
_________________________ /proc/net/dev
cat /proc/net/dev
_________________________ /proc/net/route
cat /proc/net/route
_________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
cat /proc/sys/net/ipv4/ip_no_pmtu_disc
_________________________ /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
_________________________ /proc/sys/net/ipv4/tcp_ecn
cat /proc/sys/net/ipv4/tcp_ecn
_________________________ /proc/sys/net/ipv4/conf/star-rp_filter
( cd /proc/sys/net/ipv4/conf && egrep '^' */rp_filter )
_________________________ /proc/sys/net/ipv4/conf/star-star-redirects
( cd /proc/sys/net/ipv4/conf && egrep '^' */*redirects )
_________________________ /proc/sys/net/ipv4/tcp_window_scaling
cat /proc/sys/net/ipv4/tcp_window_scaling
_________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
cat /proc/sys/net/ipv4/tcp_adv_win_scale
_________________________ uname-a
uname -a
_________________________ config-built-with
if test -r /proc/config_built_with
then
	cat /proc/config_built_with
fi
_________________________ distro-release
for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
do
        if test -f $distro
        then
               cat $distro
        fi

done
_________________________ /proc/net/ipsec_version
if test -r /proc/net/ipsec_version
then
	cat /proc/net/ipsec_version
else
	if test -r /proc/net/pfkey
	then
		echo "NETKEY (`uname -r`) support detected "
	else
		echo "no KLIPS or NETKEY support detected"
	fi
fi
_________________________ iptables
if test -r /sbin/iptables-save
then
	iptables-save
	_________________________ iptables-nat
	iptables-save -t nat
	_________________________ iptables-mangle
	iptables-save -t mangle
else
	if test -r /sbin/iptables
	then
		iptables -L -v -n
		_________________________ iptables-nat
		iptables -t nat -L -v -n
		_________________________ iptables-mangle
		iptables -t mangle -L -v -n
	fi
fi
_________________________ ip6tables
if test -r /sbin/ip6tables-save
then
	ip6tables-save
	_________________________ ip6tables-mangle
	ip6tables-save -t mangle
else
	if test -r /sbin/ip6tables
	then
		ip6tables -L -v -n
		_________________________ ip6tables-mangle
		ip6tables -t mangle -L -v -n
	fi
fi
_________________________ ip6tables

_________________________ /proc/modules
if test -f /proc/modules
then
	cat /proc/modules
else
	echo "kernel without module support"
fi
_________________________ /proc/meminfo
cat /proc/meminfo
#obsolete? not on my klips system
#_________________________ dev/ipsec-ls
#ls -l /dev/ipsec*
_________________________ /proc/net/ipsec-ls
if test -f /proc/net/ipsec_version
then
	ls -l /proc/net/ipsec_*
fi
_________________________ usr/src/linux/.config
if test -f /proc/config.gz
then
	zcat /proc/config.gz | egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM' 
elif test -f /lib/modules/`uname -r`/build/.config
then
	cat /lib/modules/`uname -r`/build/.config | egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
else
	echo "no .config file found, cannot list kernel properties"
fi
_________________________ etc/syslog.conf
_________________________ etc/syslog-ng/syslog-ng.conf
cat /etc/syslog-ng/syslog-ng.conf
cat /etc/syslog.conf
_________________________ etc/resolv.conf
cat /etc/resolv.conf
_________________________ lib/modules-ls
ls -ltr /lib/modules
_________________________ fipscheck
cat /proc/sys/crypto/fips_enabled
_________________________ /proc/ksyms-netif_rx
if test -r /proc/ksyms
then
	egrep netif_rx /proc/ksyms
else
	if test -r /proc/kallsyms
	then
		egrep netif_rx /proc/kallsyms
	else
		echo "broken (redhat/fedora) 2.6 kernel without kallsyms"
	fi
fi
	
_________________________ lib/modules-netif_rx
modulegoo kernel/net/ipv4/ipip.o netif_rx
_________________________ kern.debug
if test -f $LOGS/kern.debug
then
	tail -100 $LOGS/kern.debug
fi
_________________________ klog
sed -n $kline,'$'p $klog |
	egrep -i 'ipsec|klips|pluto' |
	case "$1" in
	--short)	tail -500	;;
	*)		cat		;;
	esac
_________________________ plog
sed -n $pline,'$'p $plog |
	egrep -i 'pluto' |
	case "$1" in
	--short)	tail -500	;;
	*)		cat		;;
	esac
_________________________ date
date