Re: [CentOS] Syslog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 2006-06-27 at 15:06 -0400, Sam Drinkard wrote:
> 
> Jason Bradley Nance wrote:
> 
> >> <snip>

> AFIK, the machine has not been compromised.  It's pretty well sealed off 
> with the exception of myself and 2 other very trusted users. Not exposed 
> even on port 80.  Named is really only caching, and I do know from past 
> kills, it does write to /var/log/messages.  I'm very tempted to boot 
> again and see if something shows up somewhere else, but one of my main 
> jobs just started up and I hate to kill it off due to time constraints.

Well, if you're not worried about a compromise under these
circumstances... ;-)) I'd let your jobs finish and not sweat about it.
You said you had plenty of disk space, did you "df -i" to see if you
exhausted your i-nodes (unlikely, I know, but no assumptions are
warranted now).

Do you have quotas? Any chance they hit someone they weren't supposed to
hit? Permissions on the directoy still as they should be?

[wild-bill@wlmlfs08 ~]$ ls -dl /var/log
drwxr-xr-x  22 root root 4096 Jun 25 04:02 /var/log

As folks have mentioned in other threads, a chkrootkit run might be
appropriate if you can't find the cause.

> 
-- 
Bill

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux