LinuxQuestions.org


jgams 02-26-2005 11:29 PM

Slack box crashed seven times in last 24 hours
 
i'm running gnome on slackware 10.0 kernel 2.4.26
my computer has completely frozen seven times in the last 24 hours - no mouse movement, no other virtual terminals, no anything.
it will happen while i'm browsing the web/ using GIMP/ playing mp3's in xmms/ etc.
this happens randomly while i'm doing any of these things independently or in combination.
i have no idea how to diagnose the problem and it's pissing me off -not to mention it's embarrassing- because my windows friends have started laughing.
bah, i could use help getting them to shut the hell up. thanks

speel 02-26-2005 11:32 PM

sounds like you might need to install your vid drivers if you haven't .. anyone else?

jgams 02-26-2005 11:58 PM

a friend helped me with the installation a few months ago. i'm pretty sure we took care of that. i recall going to the nvidia site as well as setting the refresh rates, etc.
until now it's been running pretty smoothly, except the occasional glitch/random crash. i'd prefer if there were no downtime, but i'm still learning how to use linux so haven't got everything going gold.
i also realized that xmms is *always* running. figured i should mention that

jgams 02-27-2005 12:13 AM

hmm... i just noticed the "does linux ever crash" thread. perhaps i should have posted under hardware. still, any help figuring out the problem would be great.

Hangdog42 02-27-2005 08:00 AM

Have you looked in your log files (/var/log/messages, /var/log/syslog) to see if there is anything there?

jgams 02-27-2005 03:06 PM

Hangdog42 -
thanks i just tried your suggestion, but i don't know what i'm looking for. i'm still quite new to linux...
there were a lot of lines saying that the system couldn't do stuff in /var/log/syslog and a bunch of illegal user and failed password stuff from 203.126.52.102 in /var/log/messages.
i find both of these a little disconcerting, but i have no idea what to do about it.
thanks for your time

synaptical 02-27-2005 03:17 PM

sounds like you could be getting hacked. :eek: that IP is a webmail service based in Singapore. i would disconnect that PC from the net until some security gurus here can help you. you also might want to at least put that IP in the /etc/hosts.deny file until you can make your box more secure.

jgams 02-27-2005 03:27 PM

this computer is my only working machine... i guess i'll just take it offline between reading posts.
just a quick question though - how do i go about adding the ip in /etc/hosts.deny? i used gvim to open the file, but i'm not sure where to add the ip.

Hangdog42 02-27-2005 03:27 PM

The problem is that it is going to be hard to impossible to help with your crashes without knowing what is happening when it does crash. What I'm hoping is that there is something in the logs right before every crash.

Quote:

> there were a lot of lines saying that the system couldn't do stuff

For a new install, that probably shouldn't be happening.

Quote:

> and a bunch of illegal user and failed password stuff

As synaptical said, that could mean you're getting hacked or it could be the ssh script kiddies at it again. You might want to post some of this and get an opinion or two.

jgams 02-27-2005 03:46 PM

/var/log/messages:
Feb 27 08:48:56 slackware sshd[2558]: Illegal user test from 203.126.52.102
Feb 27 08:48:56 slackware sshd[2558]: Failed password for illegal user test from 203.126.52.102 port 46561 ssh2
Feb 27 08:48:59 slackware sshd[2560]: Failed password for guest from 203.126.52.102 port 46695 ssh2
Feb 27 08:49:01 slackware sshd[2562]: Illegal user admin from 203.126.52.102
Feb 27 08:49:01 slackware sshd[2562]: Failed password for illegal user admin from 203.126.52.102 port 47122 ssh2
Feb 27 08:49:04 slackware sshd[2564]: Illegal user admin from 203.126.52.102
Feb 27 08:49:04 slackware sshd[2564]: Failed password for illegal user admin from 203.126.52.102 port 47270 ssh2
Feb 27 08:49:06 slackware sshd[2566]: Illegal user user from 203.126.52.102
Feb 27 08:49:06 slackware sshd[2566]: Failed password for illegal user user from 203.126.52.102 port 47659 ssh2
Feb 27 08:49:09 slackware sshd[2568]: Failed password for root from 203.126.52.102 port 47817 ssh2
Feb 27 08:49:11 slackware sshd[2576]: Failed password for root from 203.126.52.102 port 48381 ssh2
Feb 27 08:49:14 slackware sshd[2578]: Failed password for root from 203.126.52.102 port 48686 ssh2

makes sense that you'd need to actually read what i got instead of vague references to "things" and "stuff". alright, i'm getting it
slowly

/var/log/syslog:
Feb 27 05:31:31 slackware kernel: spurious 8259A interrupt: IRQ7.
Feb 27 08:48:56 slackware sshd[2558]: error: Could not get shadow information for NOUSER
Feb 27 08:49:01 slackware sshd[2562]: error: Could not get shadow information for NOUSER
Feb 27 08:49:04 slackware sshd[2564]: error: Could not get shadow information for NOUSER
Feb 27 08:49:06 slackware sshd[2566]: error: Could not get shadow information for NOUSER
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0
Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to write "/home/jgams/.gconf/apps/totem/%gconf.xml": Error writing file "/home/jgams/.gconf/apps/totem/%gconf.xml.new": No space left on device
Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to sync one or more sources: Failed to write some configuration data to disk
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device)
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device)
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): iid OAFIID:BrokenNoType:20000808 has a NULL type
Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): invalid character '#' in iid 'OAFIID:This#!!%$iid%^$%_|~!OAFIID_ContainsBadChars'
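
Added example, not part of any post in this thread: a POSIX shell triage of the sshd lines in the /var/log/messages excerpt above. It counts password failures per source address, lists which guessed accounts actually exist (lines without the "illegal user" tag), and prints /etc/hosts.deny entries in the `sshd: address` form. The sample log is constructed, the address 192.0.2.7 and the threshold of 3 are assumptions, and hosts.deny only affects an sshd built with TCP wrappers support.

```sh
#!/bin/sh
# Added example (not from the thread): triage sshd password failures in
# syslog lines shaped like the /var/log/messages excerpt posted above.

# Constructed sample: four lines in the thread's format plus two made-up ones.
sample_log() {
cat <<'EOF'
Feb 27 08:48:56 slackware sshd[2558]: Illegal user test from 203.126.52.102
Feb 27 08:48:56 slackware sshd[2558]: Failed password for illegal user test from 203.126.52.102 port 46561 ssh2
Feb 27 08:48:59 slackware sshd[2560]: Failed password for guest from 203.126.52.102 port 46695 ssh2
Feb 27 08:49:09 slackware sshd[2568]: Failed password for root from 203.126.52.102 port 47817 ssh2
Feb 27 09:10:00 slackware sshd[2600]: Failed password for jgams from 192.0.2.7 port 40000 ssh2
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1
EOF
}

# Keep only well-formed "Failed password" lines and print "kind user ip".
# The user name is text supplied by the remote side, so the address is taken
# by position from the fixed tail "from <ip> port <n> ssh2", not by searching.
failures() {
  awk '/ sshd\[[0-9]+\]: Failed password for / &&
       $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
         if ($9 == "illegal" && $10 == "user") print "unknown", $11, $(NF-3)
         else                                  print "existing", $9, $(NF-3)
       }'
}

# "count ip" per source address, busiest first.
failed_by_source() {
  failures | awk '{ n[$3]++ } END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Accounts that exist on this host and were guessed at (no "illegal user" tag).
existing_accounts_tried() {
  failures | awk '$1 == "existing" { print $2 }' | sort -u
}

# hosts.deny entries for sources with at least $1 failures (assumed threshold).
deny_lines() {
  failed_by_source | awk -v min="$1" '$1 >= min { print "sshd: " $2 }'
}

sample_log | deny_lines 3
```

On a real box, feed it the file instead of the sample, for example `deny_lines 3 < /var/log/messages`. Newer OpenSSH releases write "invalid user" where these logs say "illegal user".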

jgams 02-27-2005 03:50 PM

Hangdog42 -
"What I'm hoping is that there is something in the logs right before every crash."

these logs are for today (sunday) but the machine hasn't crashed since yesterday. is there a way to view the logs from previous days?

Hangdog42 02-27-2005 04:57 PM

All that sshd stuff is pretty common if you are running ssh. If you don't need it, turn it off. If you are using it, I would seriously recommend a few things. First, get into your /etc/ssh/sshd_config file and add an AllowUsers line. Start the line with AllowUsers and then enter the login name of every user you want to allow in via ssh separated by a space. Then find the Protocol line and make sure 2 is the only possibility. Also make sure PermitRootLogin is set to no. Finally, I'd give some thought to disallowing usernames and passwords via ssh and going with keys.

Quote:

> these logs are for today (sunday) but the machine hasn't crashed since yesterday. is there a way to view the logs from previous days?

That should be easy. If you look in your /var/logs you should see messages, messages.1, messages.2, etc... That is logrotate copying the file to a new name and creating a new file. The .1 file is the newest, the .2 file is the next newest, and so on.

The rest of the stuff looks pretty harmless. The only thing that causes me some concern is this:

Quote:

> "/home/jgams/.gconf/apps/totem/%gconf.xml.new": No space left on device
> Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to sync one or more sources: Failed to write some configuration data to disk

Are you starting to run short of disk space on the partition containing /home? That certainly could explain the crashes. You can run df -h to see how much space is used and free in all your partitions.
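
Added example, not from the thread or from OpenSSH: a POSIX shell check for the four sshd_config settings recommended in the post above, run on a constructed weak config and a corrected one. The user name jgams in AllowUsers and both sample configs are assumptions, and unset keywords are flagged on the assumption of the older defaults this thread is dealing with.

```sh
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the four
# settings recommended in the post above. Unset keywords are reported too,
# on the assumption of the older OpenSSH defaults discussed in this thread.

# Constructed "before" config: Protocol 2,1 as reported in the thread.
before_cfg() {
cat <<'EOF'
#Port 22
Protocol 2,1
#PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed "after" config; the user name is a placeholder.
after_cfg() {
cat <<'EOF'
Protocol 2
PermitRootLogin no
AllowUsers jgams
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

# effective KEYWORD: value of the first uncommented occurrence on stdin.
# sshd keeps the first value it reads for a keyword; names are case-insensitive.
# Assumes the "Keyword value" form, not "Keyword=value".
effective() {
  awk -v k="$1" 'tolower($1) == tolower(k) {
    $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# audit: read a config on stdin, print one finding per weak or missing setting.
audit() {
  cfg=$(cat)
  val() { printf '%s\n' "$cfg" | effective "$1"; }
  [ -n "$(val AllowUsers)" ] || echo "AllowUsers: not set, every account can try to log in"
  [ "$(val Protocol | tr -d ' ')" = "2" ] || echo "Protocol: must be 2 only"
  [ "$(val PermitRootLogin)" = "no" ] || echo "PermitRootLogin: must be no"
  [ "$(val PasswordAuthentication)" = "no" ] || echo "PasswordAuthentication: still on, keys not enforced"
}

before_cfg | audit
```

To check the live file, run `audit < /etc/ssh/sshd_config` as a user who can read it; sshd has to be restarted or reloaded before edits take effect.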

jgams 02-27-2005 05:40 PM

ok, so i tried to edit /etc/ssh/sshd_config but it claims to be a read-only file.

also what do the options in the Protocol line mean? they are currently set as 2, 1.

i was apparently down to 100k... took a look around and found like 90 episodes of the simpsons and six feet under... apparently my roommate likes to watch tv. cleaned those up and freed 4gig, that should help

time to change my user password again

jgams 02-27-2005 05:45 PM

ok... i wasn't logged in as root. never mind.

Hangdog42 02-27-2005 08:05 PM

Quote:

> also what do the options in the Protocol line mean? they are currently set as 2, 1.

That means that it tries protocol 2 first, then protocol 1 (an older, less secure encryption). Basically, you just want that to read Protocol 2. Pretty much any modern ssh client will use protocol 2 and if anybody needs protocol 1, tell them to upgrade to something decent.

Quote:

> i was apparently down to 100k

You know, I'd be willing to believe that this is the cause of the crashes. Linux isn't like Windows where anything less than 10% free is a disaster, but 100K really isn't much free space and a full disk can cause strange behavior. You might want to investigate giving your roommate his own account and applying a disk space quota so any problems from too many Simpsons episodes are his and not the system's.

At this point there probably isn't much we can do except let the system run and see if you have more crashes or they stop.


All times are GMT -5.