LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 02-26-2005, 11:29 PM   #1
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Rep: Reputation: 15
Slack box crashed seven times in last 24 hours


i'm running gnome on slackware 10.0 kernel 2.4.26
my computer has completely frozen seven times in the last 24 hours - no mouse movement, no other virtual terminals, no anything.
it will happen while i'm browsing the web/ using GIMP/ playing mp3's in xmms/ etc.
this happens randomly while i'm doing any of these things independently or in combination.
i have no idea how to diagnose the problem and it's pissing me off -not to mention it's embarrassing- because my windows friends have started laughing.
bah, i could use help getting them to shut the hell up. thanks
 
Old 02-26-2005, 11:32 PM   #2
speel
Member
 
Registered: Apr 2004
Posts: 354

Rep: Reputation: 30
sounds like you might need to install your vid drivers if you havent .. any one else?
 
Old 02-26-2005, 11:58 PM   #3
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
a friend helped me with the installation a few months ago. i'm pretty sure we took care of that. i recall going to the nvidia site as well as setting the refresh rates, etc.
until now it's been running pretty smoothly, except the occasional glitch/random crash. i'd prefer if there were no downtime, but i'm still learning how to use linux so haven't got everything going gold.
i also realized that xmms is *always* running. figured i should mention that
 
Old 02-27-2005, 12:13 AM   #4
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
hmm... i just noticed the "does linux ever crash" thread. perhaps i should have posted under hardware. still, any help figuring out the problem would be great.
 
Old 02-27-2005, 08:00 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Have you looked in your log files (/var/log/messages, /var/log/syslog) to see if there is anything there?
 
Old 02-27-2005, 03:06 PM   #6
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
Hangdog42 -
thanks i just tried your suggestion, but i don't know what i'm looking for. i'm still quite new to linux...
there were a lot of lines saying that the system couldn't do stuff in /var/log/syslog and a bunch of illegal user and failed password stuff from 203.126.52.102 in /var/log/messages.
i find both of these a little disconcerting, but i have no idea what to do about it.
thanks for your time

Last edited by jgams; 02-27-2005 at 03:07 PM.
 
Old 02-27-2005, 03:17 PM   #7
synaptical
Senior Member
 
Registered: Jun 2003
Distribution: Mint 13/15, CentOS 6.4
Posts: 2,020

Rep: Reputation: 48
sounds like you could be getting hacked. that IP is a webmail service based in SIngapore. i would disconnect that PC from the net until some security gurus here can help you. you also might want to at least put that IP in /etc/hosts.deny file until you can make your box more secure.
 
Old 02-27-2005, 03:27 PM   #8
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
this computer is my only working machine... i guess i'll just take it offline between reading posts.
just a quick question though - how do i go about adding the ip in /etc/hosts.deny? i used gvim to open the file, but i'm not sure where to add the ip.
 
Old 02-27-2005, 03:27 PM   #9
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
The problem is that it is going to be hard to impossible to help with your crashes without knowing what is happening when it does crash. What I'm hoping is that there is something in the logs right before every crash.

Quote:
there were a lot of lines saying that the system couldn't do stuff
For a new install, that probably shouldn't be happening.

Quote:
and a bunch of illegal user and failed password stuff
As synaptical said, that could mean your getting hacked or it could be the ssh script kiddies at it again. You might want to post some of this and get an opinion or two.
 
Old 02-27-2005, 03:46 PM   #10
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
/var/log/messages:
Feb 27 08:48:56 slackware sshd[2558]: Illegal user test from 203.126.52.102
Feb 27 08:48:56 slackware sshd[2558]: Failed password for illegal user test from 203.126.52.102 port 46561 ssh2
Feb 27 08:48:59 slackware sshd[2560]: Failed password for guest from 203.126.52.102 port 46695 ssh2
Feb 27 08:49:01 slackware sshd[2562]: Illegal user admin from 203.126.52.102
Feb 27 08:49:01 slackware sshd[2562]: Failed password for illegal user admin from 203.126.52.102 port 47122 ssh2
Feb 27 08:49:04 slackware sshd[2564]: Illegal user admin from 203.126.52.102
Feb 27 08:49:04 slackware sshd[2564]: Failed password for illegal user admin from 203.126.52.102 port 47270 ssh2
Feb 27 08:49:06 slackware sshd[2566]: Illegal user user from 203.126.52.102
Feb 27 08:49:06 slackware sshd[2566]: Failed password for illegal user user from 203.126.52.102 port 47659 ssh2
Feb 27 08:49:09 slackware sshd[2568]: Failed password for root from 203.126.52.102 port 47817 ssh2
Feb 27 08:49:11 slackware sshd[2576]: Failed password for root from 203.126.52.102 port 48381 ssh2
Feb 27 08:49:14 slackware sshd[2578]: Failed password for root from 203.126.52.102 port 48686 ssh2

makes sense that you'd need to actually read what i got instead of vauge references to "things" and "stuff". alright, i'm getting it
slowly

/var/log/syslog:
Feb 27 05:31:31 slackware kernel: spurious 8259A interrupt: IRQ7.
Feb 27 08:48:56 slackware sshd[2558]: error: Could not get shadow information for NOUSER
Feb 27 08:49:01 slackware sshd[2562]: error: Could not get shadow information for NOUSER
Feb 27 08:49:04 slackware sshd[2564]: error: Could not get shadow information for NOUSER
Feb 27 08:49:06 slackware sshd[2566]: error: Could not get shadow information for NOUSER
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-slot-1
Feb 27 10:08:50 slackware modprobe: modprobe: Can't locate module sound-service-1-0
Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to write "/home/jgams/.gconf/apps/totem/%gconf.xml": Error writing file "/home/jgams/.gconf/apps/totem/%gconf.xml.new": No space left on device
Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to sync one or more sources: Failed to write some configuration data to disk
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device)
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:27:35 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log removal of listener to logfile (most likely harmless, may result in a notification weirdly reappearing): Failed: Failed to log removal of listener to gconfd logfile; might erroneously re-add the listener if gconfd exits or shuts down (No space left on device)
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 10:34:22 slackware gconfd (jgams-1184): Failed to log addition of listener totem (Failed: Failed to log addition of listener to gconfd logfile; won't be able to re-add the listener if gconfd exits or shuts down (No space left on device));will not be able to restore this listener on gconfd restart, resulting in unreliable notification of configuration changes.
Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): iid OAFIID:BrokenNoType:20000808 has a NULL type
Feb 27 14:03:07 slackware bonobo-activation-server (root-3890): invalid character '#' in iid 'OAFIID:This#!!%$iid%^$%_|~!OAFIID_ContainsBadChars'

Last edited by jgams; 02-27-2005 at 03:52 PM.
 
Old 02-27-2005, 03:50 PM   #11
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
Hangdog24-
"What I'm hoping is that there is something in the logs right before every crash."

these logs are for today (sunday) but the machine hasn't crashed since yesterday. is there a way to view the logs from previous days?
 
Old 02-27-2005, 04:57 PM   #12
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
All that sshd stuff is pretty common if you are running ssh. If you don't need it, turn it off. If you are using it, I would seriously recommend a few things. First, get into your /etc/ssh/sshd_config file and add an AllowUsers line. Start the line with AllowUsers and then enter the login name of every user you want to allow in via ssh separated by a space. Then find the Protocol line and make sure 2 is the only possibility. Also make sure PermitRootLogin is set to no. Finally, I'd give some thought to disallowing usernames and passwords via ssh and going with keys.

Quote:
these logs are for today (sunday) but the machine hasn't crashed since yesterday. is there a way to view the logs from previous days?
That should be easy. If you look in your /var/logs you should see messages, messages.1, messages.2, etc... That is logrotate copying the file to a new name and creating a new file. The .1 file is the newest, the .2 file is the next newest, and so on.

The rest of the stuff looks pretty harmless. The only thing that causes me some concern is this:

Quote:
"/home/jgams/.gconf/apps/totem/%gconf.xml.new": No space left on device
Feb 27 10:25:58 slackware gconfd (jgams-1184): Failed to sync one or more sources: Failed to write some configuration data to disk
Are you starting to run short of disk space on the partition containin /home? That certainly could explain the crashes. You can run df -h to see how much space is used and free in all your partitions.
 
Old 02-27-2005, 05:40 PM   #13
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
ok, so i tried to edit /etc/ssh/sshd_config but it claims to be a read-only file.

also what do the options in the Protocol line mean? they are currently set as 2, 1.

i was apparently down to 100k... took a look around and found like 90 episodes of the simpsons and six feet under... apparently my roommate likes to watch tv. cleaned those up and freed 4gig, that should help

time to change my user password again
 
Old 02-27-2005, 05:45 PM   #14
jgams
Member
 
Registered: Nov 2004
Location: Victoria, BC
Distribution: Slackware 10.2 , Ubuntu 5.04
Posts: 45

Original Poster
Rep: Reputation: 15
ok... i wasn't logged in as root. nevermind.
 
Old 02-27-2005, 08:05 PM   #15
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Quote:
also what do the options in the Protocol line mean? they are currently set as 2, 1.
That means that it tries protocol 2 first, then protocol 1 (an older, less secure encryption). Basically, you just want that to read Protocol 2. Pretty much any modern ssh client will use protocol 2 and if anybody needs protocol 1, tell them to upgrade to something decent.

Quote:
i was apparently down to 100k
You know, I'd be willing to believe that this is the cause of the crashes. Linux isn't like Windows where anything less than 10% free is a disaster, but 100K really isn't much free space and a full disk can cause strange behavior. You might want to investigate giving your roommate his own account and applying a disk space quota so any problems from too many Simpson's episodes are his and not the systems.

At this point there probably isn't much we can do except let the system run and see if you have more crashes or they stop.

Last edited by Hangdog42; 02-27-2005 at 08:06 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
crashed computer 3 times in less than 10 minutes, beat that! Mr. New General 2 06-17-2005 04:02 PM
mozilla crashed my box tacca Linux - Software 2 10-24-2004 03:36 PM
My RH 7.3 box went crashed satimis Linux - Software 1 08-11-2003 12:25 AM
Going to install Slack 9 in next 24 hours XavierP Slackware 10 07-26-2003 05:52 PM
My Box Crashed ToeShot Linux - General 6 08-04-2002 07:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration