[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: syslogd restarting oddities



On Fri, 2 Nov 2001, the angel gabriel wrote:

> hey, just some questions about the "messages" logfile:
>
> is it normal for syslogd to be restarting itself repeatedly?
> i've got a list of the following in my messages logfile:
>
> Oct 28 04:02:01 [computername] syslogd 1.4-0: restart.
> Oct 28 04:02:01 [computername] syslogd 1.4-0: restart.
> Oct 28 04:02:01 [computername] syslogd 1.4-0: restart.
> Oct 28 04:02:01 [computername] syslogd 1.4-0: restart.
>
This is logrotate doing its thing.  It is normal.
>
> and later on in the same file,
> i've got a single line with a whole slew of "220/220/220...." etc.
>
This I would worry about!  It is not normal.  It looks like a buffer
overflow.
>
> and to add to the rest of that
> i just turned on my monitor, and instead of seeing a login prompt
> i saw this:
>
>
>
> Red Hat Linux release 7.1 (Seawolf)
> Kernel 2.4.2-2 on an i686
>
> INIT: version 2.78 reloading
>
> _
>
>
> i hit "enter" and the login prompt came up
>
> what is all this?
>
This part is not good.  I would take a look at /etc/inittab, as I
suspect your box was cracked, and something was added to inittab.
Unless there is someone else with root access to your box, and they did
some changes that required changing /etc/inittab, take that box off the
Internet, and check it out.  If it has been cracked, back up your data,
and do a reinstall, with a complete reformat!  Then make sure you have
the latest updates!  (If you have not updated 7.1 after you installed
it, then you have some BIG security holes!)

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]