LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-16-2012, 02:34 AM   #1
sobah
LQ Newbie
 
Registered: Jul 2012
Posts: 16

Rep: Reputation: Disabled
error log


hi...

recently i found this at my messages file...can anyone explain this to me

Dec 12 15:37:24 CDB last message repeated 58 times
Dec 12 15:47:16 CDB gconfd (root-29110): starting (version 2.14.0), pid 29110 user 'root'
Dec 12 15:47:16 CDB gconfd (root-29110): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Dec 12 15:47:16 CDB gconfd (root-29110): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Dec 12 15:47:16 CDB gconfd (root-29110): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Dec 12 15:47:20 CDB gconfd (root-29110): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
Dec 12 15:47:20 CDB hcid[3246]: Default passkey agent (:1.23, /org/bluez/applet) registered
Dec 12 15:47:20 CDB pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found
Dec 12 15:47:23 CDB last message repeated 3 times
Dec 12 15:48:04 CDB gconfd (root-29110): Exiting
Dec 12 15:48:07 CDB kernel: mtrr: type mismatch for d8000000,4000000 old: write-back new: write-combining
Dec 12 15:50:49 CDB snmpd[3464]: Connection from UDP: [172.20.10.1]:63674
Dec 12 15:50:49 CDB snmpd[3464]: Connection from UDP: [172.20.10.1]:63674
Dec 12 15:50:49 CDB snmpd[3464]: Connection from UDP: [172.17.10.12]:63674
Dec 12 15:50:50 CDB last message repeated 248 times


is it a serious issue? if so whats the solution

thanks
 
Old 12-16-2012, 02:39 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
It looks like normal system operation messages from gconf and your SNMP daemon to me. I assume that this is a standard desktop machine running GNOME?
 
Old 12-16-2012, 03:58 AM   #3
sobah
LQ Newbie
 
Registered: Jul 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
rhel 5 error

hi

it is an rhel5 server running oracle 11g

i never had the message before...that is why i want to check why the message appeared suddenly

thanks
 
Old 12-16-2012, 06:49 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
As btmiller indicated, someone is trying (as root it looks like) to run Gnome config.
Also,
Code:
Dec 12 15:47:20 CDB hcid[3246]: Default passkey agent (:1.23, /org/bluez/applet) registered
Dec 12 15:47:20 CDB pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found
Dec 12 15:47:23 CDB last message repeated 3 times
is Smart Card access.

If either of these is unexpected, you need to trace back those IPs.
 
2 members found this post helpful.
Old 12-17-2012, 03:20 AM   #5
sobah
LQ Newbie
 
Registered: Jul 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
thank you btmiller and chris

it is our database server...the database is used by an application stored in another server..hence i dont think any outsider might know about it and try to access it.

furthermore the server room is locked 24 hrs..so is it possible to invoke Gnome via command line..SSH

the other question is as the server is used internally how do i check IP address of all the requests to the server and how about this line

Dec 12 15:48:04 CDB gconfd (root-29110): Exiting
Dec 12 15:48:07 CDB kernel: mtrr: type mismatch for d8000000,4000000 old: write-back new: write-combining

Thanks for your help
 
Old 12-18-2012, 01:15 AM   #6
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Is there a GUI (GNOME specifically) installed on the database server? Have any packages been recently installed recently that have a GUI (these might have some GNOME bits and pieces as dependencies, which could explain the log entries)?

If you don't have a firewall, outsiders can quickly scan your entire network and get a list of every machine running on it, along with what services that machine is running. Has your machine been kept up to date with security patches?

You might start looking through /var/log/messages (where you saw the original messages) and /var/log/secure to see what else has been going on. It might also be a good idea to run rkhunter or similar on the system. However, in the event that the machine has been compromised, log files can be easily altered and trojans installed to make check programs like rkhunter give misleading results.
 
Old 12-18-2012, 11:13 AM   #7
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
You might also check roots login .bashrc and friends.

Some connections do NOT want to be treated if there is no hardware terminal attached (or pty) and having some things in the startup script that expect a terminal can cause issues. Ssh for instance, can run a command remotely (ssh hostname command), but there is no terminal attached. If the .bashrc or .profile runs something that expects a hardware terminal (such as having a local smartcard) then you will get really odd messages.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR: /var/log/clamav/freshclam.log is locked by another process cccc Linux - General 3 09-23-2014 03:38 AM
error: mail command failed for /var/log/squidguard/squidGuard.log.6 Niceman2005 Linux - Networking 1 01-22-2009 02:24 PM
at boot up log in log out error snow bird Linux - Hardware 9 08-25-2007 01:42 AM
Error log in /var/log/messages raymond117 Linux - Security 9 01-26-2005 08:17 AM


All times are GMT -5. The time now is 04:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration