Slack box crashed seven times in last 24 hours
i'm running gnome on slackware 10.0 kernel 2.4.26
my computer has completely frozen seven times in the last 24 hours - no mouse movement, no other virtual terminals, no anything. it will happen while i'm browsing the web/ using GIMP/ playing mp3's in xmms/ etc. this happens randomly while i'm doing any of these things independently or in combination. i have no idea how to diagnose the problem and it's pissing me off -not to mention it's embarrassing- because my windows friends have started laughing. bah, i could use help getting them to shut the hell up. thanks |
sounds like you might need to install your vid drivers if you havent .. any one else?
|
a friend helped me with the installation a few months ago. i'm pretty sure we took care of that. i recall going to the nvidia site as well as setting the refresh rates, etc.
until now it's been running pretty smoothly, except the occasional glitch/random crash. i'd prefer if there were no downtime, but i'm still learning how to use linux so haven't got everything going gold. i also realized that xmms is *always* running. figured i should mention that |
hmm... i just noticed the "does linux ever crash" thread. perhaps i should have posted under hardware. still, any help figuring out the problem would be great.
|
Have you looked in your log files (/var/log/messages, /var/log/syslog) to see if there is anything there?
|
Hangdog42 -
thanks i just tried your suggestion, but i don't know what i'm looking for. i'm still quite new to linux... there were a lot of lines saying that the system couldn't do stuff in /var/log/syslog and a bunch of illegal user and failed password stuff from 203.126.52.102 in /var/log/messages. i find both of these a little disconcerting, but i have no idea what to do about it. thanks for your time |
sounds like you could be getting hacked. :eek: that IP is a webmail service based in SIngapore. i would disconnect that PC from the net until some security gurus here can help you. you also might want to at least put that IP in /etc/hosts.deny file until you can make your box more secure.
|
this computer is my only working machine... i guess i'll just take it offline between reading posts.
just a quick question though - how do i go about adding the ip in /etc/hosts.deny? i used gvim to open the file, but i'm not sure where to add the ip. |
The problem is that it is going to be hard to impossible to help with your crashes without knowing what is happening when it does crash. What I'm hoping is that there is something in the logs right before every crash.
Quote:
Quote:
|
/var/log/messages:
Feb 27 08:48:56 slackware sshd[2558]: Illegal user test from 203.126.52.102 Feb 27 08:48:56 slackware sshd[2558]: Failed password for illegal user test from 203.126.52.102 port 46561 ssh2 Feb 27 08:48:59 slackware sshd[2560]: Failed password for guest from 203.126.52.102 port 46695 ssh2 Feb 27 08:49:01 slackware sshd[2562]: Illegal user admin from 203.126.52.102 Feb 27 08:49:01 slackware sshd[2562]: Failed password for illegal user admin from 203.126.52.102 port 47122 ssh2 Feb 27 08:49:04 slackware sshd[2564]: Illegal user admin from 203.126.52.102 Feb 27 08:49:04 slackware sshd[2564]: Failed password for illegal user admin from 203.126.52.102 port 47270 ssh2 Feb 27 08:49:06 slackware sshd[2566]: Illegal user user from 203.126.52.102 Feb 27 08:49:06 slackware sshd[2566]: Failed password for illegal user user from 203.126.52.102 port 47659 ssh2 Feb 27 08:49:09 slackware sshd[2568]: Failed password for root from 203.126.52.102 port 47817 ssh2 Feb 27 08:49:11 slackware sshd[2576]: Failed password for root from 203.126.52.102 port 48381 ssh2 Feb 27 08:49:14 slackware sshd[2578]: Failed password for root from 203.126.52.102 port 48686 ssh2 makes sense that you'd need to actually read what i got instead of vauge references to "things" and "stuff". alright, i'm getting it slowly /var/log/syslog: Feb 27 05:31:31 slackware kernel: spurious 8259A interrupt: IRQ7. Feb 27 08:48:56 slackware sshd[2558]: error: Could not get shadow information for NOUSER Feb 27 08:49:01 slackware sshd[2562]: error: Could not get shadow information for NOUSER Feb 27 08:49:04 slackware sshd[2564]: error: Could not get shadow information for NOUSER Feb 27 08:49:06 slackware sshd[2566]: error: Could not get shadow information for NOUSER Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1 Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0 Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1 Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0 Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to write "/home/jgams/.gconf/apps/totem/%gconf.xml": Error writing file "/home/jgams/.gconf/apps/totem/%gconf.xml.new": No space left on device Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to sync one or more sources: Failed to write some configuration data to disk Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device) Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes. Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes. Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device) Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes. Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes. Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): iid OAFIID:BrokenNoType:20000808 has a NULL type Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): invalid character '#' in iid 'OAFIID:This#!!%$iid%^$%_|~!OAFIID_ContainsBadChars' |
Hangdog24-
"What I'm hoping is that there is something in the logs right before every crash." these logs are for today (sunday) but the machine hasn't crashed since yesterday. is there a way to view the logs from previous days? |
All that sshd stuff is pretty common if you are running ssh. If you don't need it, turn it off. If you are using it, I would seriously recommend a few things. First, get into your /etc/ssh/sshd_config file and add an AllowUsers line. Start the line with AllowUsers and then enter the login name of every user you want to allow in via ssh separated by a space. Then find the Protocol line and make sure 2 is the only possibility. Also make sure PermitRootLogin is set to no. Finally, I'd give some thought to disallowing usernames and passwords via ssh and going with keys.
Quote:
The rest of the stuff looks pretty harmless. The only thing that causes me some concern is this: Quote:
|
ok, so i tried to edit /etc/ssh/sshd_config but it claims to be a read-only file.
also what do the options in the Protocol line mean? they are currently set as 2, 1. i was apparently down to 100k... took a look around and found like 90 episodes of the simpsons and six feet under... apparently my roommate likes to watch tv. cleaned those up and freed 4gig, that should help time to change my user password again |
ok... i wasn't logged in as root. nevermind.
|
Quote:
Quote:
At this point there probably isn't much we can do except let the system run and see if you have more crashes or they stop. |
All times are GMT -5. The time now is 05:40 PM. |