On Tue, 2006-06-27 at 15:06 -0400, Sam Drinkard wrote: > > Jason Bradley Nance wrote: > > >> <snip> > AFIK, the machine has not been compromised. It's pretty well sealed off > with the exception of myself and 2 other very trusted users. Not exposed > even on port 80. Named is really only caching, and I do know from past > kills, it does write to /var/log/messages. I'm very tempted to boot > again and see if something shows up somewhere else, but one of my main > jobs just started up and I hate to kill it off due to time constraints. Well, if you're not worried about a compromise under these circumstances... ;-)) I'd let your jobs finish and not sweat about it. You said you had plenty of disk space, did you "df -i" to see if you exhausted your i-nodes (unlikely, I know, but no assumptions are warranted now). Do you have quotas? Any chance they hit someone they weren't supposed to hit? Permissions on the directoy still as they should be? [wild-bill@wlmlfs08 ~]$ ls -dl /var/log drwxr-xr-x 22 root root 4096 Jun 25 04:02 /var/log As folks have mentioned in other threads, a chkrootkit run might be appropriate if you can't find the cause. > -- Bill
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
