LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 01-02-2003, 07:07 PM   #1
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Strange messages after reboot


Could you please enlighten me why I get messages like
'nvi successfully recovered smb.conf'
or the like, when I restart a crashed unix server?
(Nvi also tends to recover .pl scripts).
This seems strange for me, since I can bet these files were not opened by anyone for writing (at least I strongly hope so).
So, why they need recovery after a system crash?

Last edited by J_Szucs; 01-02-2003 at 07:23 PM.
 
Old 01-02-2003, 11:30 PM   #2
isajera
Senior Member
 
Registered: Jun 2001
Location: San Antonio, TX
Distribution: distro? what's a distro?
Posts: 1,635

Rep: Reputation: 45
nvi is a version of the vi editor - it will recover semi-edited files from unsaved sessions where the editor wasn't exited properly. i guess that means when anyone is messing around with files they can't edit, they exit vi improperly (or are cut off during a system crash), and nvi saves it in a buffer somewhere.

...that, or some cron script is using vi to update files, which i find somewhat unlikely... hmm.

there is a chance someone's using it to hack the system tho :
http://linux.oreillynet.com/pub/a/li...ities.html#nvi

also somewhat unlikely, but definitely worth checking into.

Last edited by isajera; 01-02-2003 at 11:31 PM.
 
Old 01-03-2003, 06:46 AM   #3
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Original Poster
Rep: Reputation: 58
There are some cron jobs, but none of them is intended to edit any files.
What to check in order to find out if I am hacked?

Not being a guru I checked 'last' (only showing my logins) and /var/messages, so far, but I am almost sure that a hacker can delete evidences from such obvious places.
 
Old 01-03-2003, 09:53 AM   #4
isajera
Senior Member
 
Registered: Jun 2001
Location: San Antonio, TX
Distribution: distro? what's a distro?
Posts: 1,635

Rep: Reputation: 45
i really wouldn't know what to check for. i don't think it's very likely that your system has been compromised in any way, but i'd recommend upgrading the program just to be safe. you can get the latest version here - http://www.bostic.com/vi/

nvi uses a different buffer and recovery system than vim or classic vi uses, so i'm not sure how it would act after a system crash. i think it's much more likely that the recoveries you're seeing are a result of interrupted sessions rather than anything sinister. you might want to check in your startup scripts to see if there's anything nvi uses to recover crashed sessions at startup. i found this about nvi recovery - hope it helps :
http://www.neosoft.com/neosoft/man/vi.1.html#sect4

Last edited by isajera; 01-03-2003 at 09:56 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange messages redneon Linux - General 16 08-10-2005 09:27 AM
Strange messages tuxunkhamon Linux - Wireless Networking 1 05-30-2005 10:49 AM
strange messages on my consoles atzalan Linux - Networking 1 05-11-2005 01:55 AM
eth0 will not restart. Errors in /var/log/messages soren625 Linux - Networking 8 06-05-2004 12:43 PM
Strange console messages fweaver Linux - Security 4 12-27-2002 09:29 AM


All times are GMT -5. The time now is 12:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration