Error on CentOS Server after applying the latest updates

baldur2630 · 06-08-2011, 06:02 AM

I just put the latest updates onto My CentOS 5.6 server. It started life as a 5.4 Server, then the upgrades took it to 5.6.

The latest updates did a Kernel Update and the server sent me two messages : -

-----BEGIN MESSAGE-----
[2011-06-08T12:37:17+0200] centos54.xxx.yyyyy.com
ALERT : [2011-06-08T12:37:17+0200] msg=<START>, program=<Samhain>, userid=<0>, path=</etc/samhainrc>, hash=<256A548F71A768CC1E054F0C1E90E8674D36A09BDF9E5D13>, path=</var/lib/samhain/samhain_file>, hash=<9366451EB106619E8AE1B4AEC305EA2B83140A789888EF43>
-----BEGIN SIGNATURE-----
20AA642365713EA58F73A1637F61DA1C26FC3E2E4ACA2233
000000 1307529480::centos54.xxx.yyyyy.com
-----END MESSAGE-----

and

-----BEGIN MESSAGE-----
[2011-06-08T12:38:00+0200] centos54.xxx.yyyyy.com
ALERT : [2011-06-08T12:38:00+0200] msg=<LOGKEY>, program=<Samhain>, hash=<2A3F91D5C3968ABE724481B245E91B984E55F98AC30A0561>
-----BEGIN LOGKEY-----
2A3F91D5C3968ABE724481B245E91B984E55F98AC30A0561[2011-06-08T12:38:00+0200]
-----BEGIN SIGNATURE-----
F6F1BD576F38C9015D18FCE059B2C33AED8A50498714D768
000001 1307529480::centos54.xxx.yyyyy.com
-----END MESSAGE-----

Can anyone tell me what's going on and how to fix this?

AlucardZero · 06-08-2011, 07:04 AM

what's the problem ?

baldur2630 · 06-08-2011, 07:19 AM

The problem is - there's an error! Errors never get better on their own - only worse, so best to fix it BEFORE it gets worse, not so?

I regard it as abnormal when a server sends you two error messages by email every time you reboot it. Not even Windows does that!

AlucardZero · 06-08-2011, 08:30 AM

Oh, you didn't mention that this happens every time you reboot it, and it's not obvious from those messages that there is a problem.

I did some Googling for you ("BEGIN LOGKEY") and searched the manual. The first one is Samhain starting up. The second one is Samhain's key which is required to verify further messages you receive from Samhain. Neither indicate a problem.

If you don't want the messages you can turn down Samhain's log level (not recommended if you use it) or uninstall it.

baldur2630 · 06-08-2011, 11:18 AM

What exactly IS Samhain? Why should I use it? How does one turn it off if I decide I don't need it anf how do I turn down the Log Level if I do?

unSpawn · 06-08-2011, 06:09 PM

Quote:

Originally Posted by baldur2630

What exactly IS Samhain? Why should I use it? How does one turn it off if I decide I don't need it anf how do I turn down the Log Level if I do?

That post just signifies the fact you didn't even bother to read the manual AlucardZero presented you with. Please at least try to make an effort.