Re: [CentOS] Syslog

William L. Maltby wrote:

AFAIK, the machine has not been compromised. It's pretty well sealed off with the exception of myself and 2 other very trusted users. Not exposed even on port 80. Named is really only caching, and I do know from past kills, it does write to /var/log/messages. I'm very tempted to boot again and see if something shows up somewhere else, but one of my main jobs just started up and I hate to kill it off due to time constraints.

Well, if you're not worried about a compromise under these
circumstances... ;-)) I'd let your jobs finish and not sweat about it.
You said you had plenty of disk space, did you "df -i" to see if you
exhausted your i-nodes (unlikely, I know, but no assumptions are
warranted now).

Do you have quotas? Any chance they hit someone they weren't supposed to
hit? Permissions on the directory still as they should be?

[wild-bill@wlmlfs08 ~]$ ls -dl /var/log
drwxr-xr-x  22 root root 4096 Jun 25 04:02 /var/log

As folks have mentioned in other threads, a chkrootkit run might be
appropriate if you can't find the cause.

There is no way this machine could be compromised from outside. It just can't happen. Plenty of i-nodes, plenty of disk space, no quotas, all the lock files are correct, directory perms are OK, file perms are OK, etc. It may be time to reboot anyhow and see if it comes back, or if something pops up during the reboot -- hang the run -- I need the log files to make sure some other software is working, and it appears that the logging for it is bombed too, even tho it's got its own logging facility, it does use syslog to write. Have tried with and without it active, and no joy.

There's gotta be something strange.. now that I think about it, my daily log got really short sometime back, but don't remember exactly when. I assumed it was due to stopping a lot of processes. Hmmm.... someone tell me what processes besides syslog and dbus are required for it.. I may have stepped on my thingy myself!


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos