LinuxQuestions.org
Old 10-28-2002, 03:11 PM   #1
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692
Blog Entries: 9

Rep: Reputation: 45
curious message???


Hi ho,

Mandrake 9.0 - after having read various warnings about logging in as root when the ADSL connection is up and running, I've got into the habit of going into the Mandrake control centre, finding the connection thingy, and disconnecting. Sometimes I get a little message about it detecting another connection, and something/somebody might be using my network.

What does this mean, is it something to do with server stuff that I might have running or is it something that I should be concerned with?

How do I find out?

regards

John
 
Old 10-29-2002, 07:32 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Uhm, maybe from the /var/log/messages thingie?
 
Old 10-29-2002, 02:26 PM   #3
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu ; CentOS ; Raspbian
Posts: 12,613

Rep: Reputation: 69
John, actually there are a lot of messages on your box that to the unaware or unfamiliar might seem like the system being compromised, but that's because a lot of your things run as separate servers, and aren't all integrated so perfectly.

If you post some error messages, some of us might be able to "translate" them better for you.

Cool
 
Old 10-30-2002, 06:08 PM   #4
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
strange messages?

I don't recall the exact wording Chad, but it seems to come up on the "connections dialogue", I often leave the Mandrake control centre in the background, and just bring it back up to be able to disconnect, it is then that it comes up with "Warning: a second connection has been detected, someone may be using your connection." or words to that effect.

Not being a command line nut, I don't know the difference between using gui to look at the logs and /var/logs/messages (pathetic eh!) that unspawn suggested, but I looked through all the various headings under the logs section, and apart from a few ip addresses that as far as I can tell (or remember) originate from my isp. Hence I am not sure what or how to check to see if someone has been "visiting".

I suspect that I have got something running serverwise, that is causing this, but I have to plead the usual "ignorance" excuse.

How some of the more knowledgeable types here have learned so much eludes me, trying to read some of the help stuff off a screen gives me a headache.

But any suggestion what I need to look for and where will be very helpful, and next time I get the message I'll write it down and post it (I say next time, because I've been digging around to try and sort my sound snags - and have managed to kill something in the connection - SIOCDELRT - yarda yarda - line 150 command not found. This is the second time I've had this with the mandy 9.0 and both times I have ended up going through the rigmarole of re-installing the OS because what little I can find about it, means absolutely zero - and I've just re-installed and still haven't finished setting my connection and preferences etc)

regards

John
 
Old 10-30-2002, 07:08 PM   #5
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu ; CentOS ; Raspbian
Posts: 12,613

Rep: Reputation: 69
Wow, that's really a horrible story John. I would have a heck of a time with Linux if every time I crashed my box I reinstalled it.

I wouldn't worry too much about someone plugging around on your box, as long as you aren't being root, and have given root a hard-to-crack pass and things of the normal paranoia settings, then you are probably ok. But I think UnSpawn would have my name changed to blundering fool if I didn't also say that it is possible. You might wanna just see if you can grab some screens or something like that, makes it much easier than retyping an error message, you could save it to a fat32/ntfs partition and then bring it up when you go online and post it that way.

Cool
 
Old 11-03-2002, 03:58 PM   #6
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
If you are using ADSL you most likely have a dynamic IP address, and the message could perhaps be your DHCP client talking to your ISP's DHCP server. Just a thought.
 
Old 12-06-2002, 05:29 AM   #7
ianr
LQ Newbie
 
Registered: Dec 2002
Distribution: Mandrake 9
Posts: 1

Rep: Reputation: 0
Aha! I have exactly the same message. Unfortunately, I don't know what it is either.

I'm on Mandrake 9 with NIC to an ADSL router. Static IP's. I've been running Linux for 3 days (now *that's* a newbie) and my net connection just died yesterday for no apparent reason.

I run dual boot and the connection works fine on windows with the same IP setup.

Ah well, if it never went wrong, I guess I wouldn't learn anything!
 
Old 12-06-2002, 07:36 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
This is where a "catchall" rule in your /etc/syslog.conf comes in handy. If you add this line (w/o quotes and yes, <tab> is a tab):
"*.*<tab><tab>/var/log/catchall.log", do a "touch /var/log/catchall.log", chmod it 0600 and then restart syslog, all error messages should be dumped there, unless an app dumps it to stderr.

Because it might be filling up quite fast you want to consider making a separate logrotate entry for it and call it from cron over a reasonable interval. If you set up a logrotate prerotation script you can even mail the interesting entries to yourself:

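(/etc/logrotate.d/catchall.log)
# <mailtoname> and the (dont)wannasee patterns are placeholders: replace them
# with a real recipient and real regexes before use.
/var/log/catchall.log {
    # Before rotating, mail the lines that match the first pattern
    # and do not match the second.
    prerotate
        egrep -e "(wannasee0|wannasee1)" /var/log/catchall.log | egrep -ve "(dontwannasee0|dontwannasee1)" | mail -s "Catchall log $(date +%m%d%Y:%H%M)" <mailtoname>
    endscript
    compress
    size 10M
    notifempty
    rotate 7
    errors root
    # The log holds everything syslog sees, so keep it readable by root only.
    create 0600 root root
    # Make syslogd reopen its log file after rotation.
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}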

Now add a line to /etc/crontab calling it hourly:
00 */1 * * * root logrotate /etc/logrotate.d/catchall.log

Crond will restart itself once the changes are saved.

HTH somehow.
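
The include-then-exclude filter from the prerotate script in post #8, worked through on sample data as an added example that is not part of the original thread. The patterns, the log lines and the function names (filter_catchall, summarize, report) are constructed for illustration; it also goes one step further than the post by summarizing hits per program and by reporting nothing when no line survives, so no empty mail is sent.

```shell
#!/bin/sh
# Added example, not from the thread. Patterns and log lines are constructed.
WANT='(Failed password|pppd|dhcpcd)'   # plays the role of "wannasee0|wannasee1"
SKIP='(LCP Echo|CROND)'                # plays the role of "dontwannasee0|dontwannasee1"

# Constructed sample in traditional syslog layout: month day time host tag: message
make_sample() {
    cat <<'EOF'
Dec  6 07:30:01 localhost sshd[1234]: Failed password for root from 192.0.2.10 port 4022 ssh2
Dec  6 07:30:05 localhost sshd[1234]: Failed password for root from 192.0.2.10 port 4023 ssh2
Dec  6 07:31:00 localhost CROND[1300]: (root) CMD (run-parts /etc/cron.hourly)
Dec  6 07:32:10 localhost pppd[410]: Connect: ppp0 <--> /dev/pts/1
Dec  6 07:32:40 localhost pppd[410]: rcvd [LCP EchoReq id=0x1 magic=0x0]
Dec  6 07:34:00 localhost kernel: eth0: link up
Dec  6 07:35:00 localhost dhcpcd[600]: renewing lease of 192.0.2.55
EOF
}

# Keep lines matching WANT, then drop those matching SKIP (same order as the post).
# Exit status is non-zero when nothing survives the filter.
filter_catchall() {
    grep -E -e "$WANT" -- "$1" | grep -E -v -e "$SKIP"
}

# Count lines per program tag (field 5 with the "[pid]:" suffix stripped).
summarize() {
    awk '{ t = $5; sub(/(\[[0-9]+\])?:$/, "", t); n[t]++ }
         END { for (t in n) print n[t], t }' | sort -k1,1nr -k2
}

# Print a per-program summary followed by the matching lines.
# Returns 1 and prints nothing when there are no hits.
report() {
    hits=$(filter_catchall "$1") || return 1
    printf '%s\n' "$hits" | summarize
    printf '%s\n' '----' "$hits"
}

# Demo run on the constructed sample.
tmp=$(mktemp) && make_sample > "$tmp"
report "$tmp" || echo "nothing to report"
rm -f "$tmp"
```

In a prerotate script the output of report would be written to a temporary file and piped to mail only when report returned 0.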
 
Old 12-06-2002, 03:46 PM   #9
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,692

Original Poster
Blog Entries: 9

Rep: Reputation: 45
Whoooooooooosh! (the noise your post made as it shot straight over my head).

Seriously though, Thanks for the idea, since I read the post from bulliver, I can't recall seeing the prompt, but now I am going to watch out for it and start digging through the logs with paranoid obsession.

I am pretty sure that I don't have the luxury of static IP's as mentioned by ianr (I seem to recall that my provider charges extra for static IP's though when I do ifconfig the numbers don't change very much!).

Again, many thanks

regards

John

p.s. being a Linux dummy, is there a point where the logs are full and start to auto delete i.e. like cache memory in a browser????? or do they just carry on logging and eventually eat into available disc space? - sorry if this sounds like I'm being thick!

Last edited by bigjohn; 12-06-2002 at 03:51 PM.
 
  

