Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-07-2006, 10:51 AM
|
#1
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Rep:
|
Could my machine have got cracked?
Owing to a slight mistake on my part, I had disabled the firewall in my local machine, exposing the running Apache webserver and mysql server to the internet. I have a static IP address on my machine.
I didn't really notice that the firewall was disabled until I saw that an unusual amount of network traffic was going on even when I wasn't browsing. It was both incoming and outgoing traffic and browsing had become very slow.
Since then I've restarted the firewall (iptables) and the network activity is back to normal. But since my server running was exposed to the internet on a static IP, would there be a chance I might have been hacked or somebody might have gained a backdoor to my system?
I don't normally browse as root and I am logged in as a normal user.
I am running Debian.
Last edited by vharishankar; 09-07-2006 at 10:54 AM.
|
|
|
09-07-2006, 11:40 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
since my server running was exposed to the internet on a static IP, would there be a chance I might have been hacked or somebody might have gained a backdoor to my system?
Standard drill, check your system, check out:
- Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html
Basically:
- how long was the box exposed? (gives period to check),
- what publicly accessable daemons where running during that period?,
- what do your syslog and daemon logs say?,
- any auth data (passwd, group, shadow) changed/added?,
- any login attempts recorded?,
- what does your distro's package manager say (debsums)?
- what does your file integrity checker (if installed) say?
- what do Chkrootkit and/or Rootkit Hunter say?
In the event of uncertainty, do you have backups to verify integrity with?
|
|
|
09-07-2006, 10:08 PM
|
#3
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
Thanks unspawn.
It was probably like that for about an hour or just more than that. Publicly accessible daemons were Apache, MySQL, CUPS, syslogd. Is there any way to get a full list of processes? How do I capture the result of "top"?
|
|
|
09-07-2006, 11:18 PM
|
#4
|
Member
Registered: May 2004
Posts: 552
Rep:
|
This is a script that formats the output of netstat in an easy to read form, it displays all process names that have tcp/udp listening sockets open. Try it and you might be able to tweak it for your own preferences.
Code:
#!/bin/bash
printf "%-6s %-30s %-30s %-16s %-8s %-6s %s\n" "Proto" "Local Address" "Foreign Address" "State" "User" "PID" "Program name"
netstat -patue $1 $2 | sed '1,2d' | while read a b c d e f g h i; do
if [ -z "$i" ]; then
# a b c d e f g h i=""
# udp 0 0 entropy:domain *:* root 6492 2770/named
pid="`echo "$h" | cut -d '/' -f 1`"
name="`echo "$h" | cut -d '/' -f 2`"
printf "%-6s %-30s %-30s %-16s %-8s %-6s %s\n" "$a" "$d" "$e" "-" "$f" "$pid" "$name"
else
# a b c d e f g h i
# tcp 0 0 entropy:domain *:* LISTEN root 6493 2770/named
pid="`echo "$i" | cut -d '/' -f 1`"
name="`echo "$i" | cut -d '/' -f 2`"
printf "%-6s %-30s %-30s %-16s %-8s %-6s %s\n" "$a" "$d" "$e" "$f" "$g" "$pid" "$name"
fi
done | sort -g -k 6
Edit: forgot to say, run it as root or all the information will not be displayed
Last edited by randyding; 09-07-2006 at 11:22 PM.
|
|
|
09-08-2006, 03:32 AM
|
#5
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
Thanks randyding.
|
|
|
09-08-2006, 03:43 AM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
Publicly accessible daemons were Apache, MySQL, CUPS, syslogd.
All versions current? Anything running on top of Apache? Any PHP-based blogs, wiki's or like that?
Is there any way to get a full list of processes?
As root: "ps axfwwwe" should give the full list if there's no foul play.
How do I capture the result of "top"?
As root: "top -bn1".
And how come you haven't answered the other questions?
|
|
|
09-08-2006, 04:26 AM
|
#7
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
Problem is I'm a newbie when it comes to hardcore security issues.
I've never run my own public server and the home server I'm using is just for local development. I've just used the firewall (guarddog) to block out every outgoing connection. That's all.
So far things look fine to me. I did a chkrootkit once and didn't turn up anything suspicious.
I checked the Apache (version 2.0.55) logs, but didn't find suspicious IPs recorded there. Just 127.0.0.1
Here's the output of top:
Code:
top - 14:58:04 up 6:33, 1 user, load average: 0.22, 0.35, 0.31
Tasks: 88 total, 1 running, 87 sleeping, 0 stopped, 0 zombie
Cpu(s): 10.0%us, 1.3%sy, 0.0%ni, 86.9%id, 0.9%wa, 0.1%hi, 0.8%si, 0.0%st
Mem: 516692k total, 506508k used, 10184k free, 73508k buffers
Swap: 1036140k total, 160k used, 1035980k free, 202108k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 16 0 1932 660 560 S 0.0 0.1 0:00.96 init
2 root 34 19 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/0
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
4 root 10 -5 0 0 0 S 0.0 0.0 0:00.29 events/0
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 khelper
6 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
8 root 10 -5 0 0 0 S 0.0 0.0 0:00.23 kblockd/0
9 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid
158 root 15 0 0 0 0 S 0.0 0.0 0:00.37 pdflush
159 root 15 0 0 0 0 S 0.0 0.0 0:00.44 pdflush
161 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
160 root 15 0 0 0 0 S 0.0 0.0 0:00.54 kswapd0
748 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 kseriod
1537 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khpsbpkt
1538 root 15 0 0 0 0 S 0.0 0.0 0:00.00 knodemgrd_0
1625 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
1643 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
2046 root 10 -5 0 0 0 S 0.0 0.0 0:00.04 reiserfs/0
2207 root 18 -4 2588 1036 356 S 0.0 0.2 0:00.57 udevd
3487 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kgameportd
3513 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
3723 root 20 0 0 0 0 S 0.0 0.0 0:00.00 shpchpd_event
4860 daemon 16 0 1684 368 272 S 0.0 0.1 0:00.00 portmap
5352 root 16 0 2680 920 784 S 0.0 0.2 0:00.05 syslogd
5358 root 16 0 1704 372 300 S 0.0 0.1 0:00.00 klogd
5394 root 18 0 2856 644 508 S 0.0 0.1 0:00.00 ptal-mlcd
5397 root 18 0 3624 476 292 S 0.0 0.1 0:00.00 ptal-printd
5430 root 16 0 5596 2248 1696 S 0.0 0.4 0:00.01 cupsd
5437 messageb 16 0 2164 772 652 S 0.0 0.1 0:00.00 dbus-daemon-1
5444 root 16 0 2660 684 524 S 0.0 0.1 0:00.11 dirmngr
5490 Debian-e 15 0 5392 980 684 S 0.0 0.2 0:00.00 exim4
5503 root 18 0 2548 820 720 S 0.0 0.2 0:00.00 inetd
5510 gnunet 18 0 61796 10m 1712 S 0.0 2.1 0:35.85 gnunetd
5526 root 15 0 2668 1332 1084 S 0.0 0.3 0:00.00 mysqld_safe
5565 mysql 16 0 115m 16m 4172 S 0.0 3.4 0:01.36 mysqld
5566 root 15 0 1564 500 428 S 0.0 0.1 0:00.00 logger
5670 root 18 0 12768 3000 1592 S 0.0 0.6 0:00.03 Xprt
5721 statd 18 0 2656 1016 900 S 0.0 0.2 0:00.00 rpc.statd
5735 daemon 16 0 1948 404 292 S 0.0 0.1 0:00.00 atd
5756 root 16 0 2304 868 692 S 0.0 0.2 0:00.00 cron
5796 root 16 0 9936 5156 1392 S 0.0 1.0 0:00.05 miniserv.pl
5807 root 16 0 22548 7840 5004 S 0.0 1.5 0:00.08 apache2
5833 root 17 0 2648 1160 904 S 0.0 0.2 0:00.00 login
5851 www-data 16 0 26512 10m 4004 S 0.0 2.1 0:00.17 apache2
5852 www-data 16 0 22684 4280 1388 S 0.0 0.8 0:00.00 apache2
5853 www-data 16 0 26512 10m 3996 S 0.0 2.1 0:00.15 apache2
5854 www-data 16 0 22684 4280 1388 S 0.0 0.8 0:00.00 apache2
5855 www-data 18 0 22548 3800 956 S 0.0 0.7 0:00.00 apache2
5856 hari 15 0 3632 1896 1260 S 0.0 0.4 0:00.00 bash
6059 hari 20 0 3284 1480 1036 S 0.0 0.3 0:00.00 startx
6075 hari 16 0 2408 672 552 S 0.0 0.1 0:00.00 xinit
6076 root 15 0 73240 47m 7372 S 0.0 9.5 11:42.87 Xorg
6092 hari 16 0 3300 1500 1040 S 0.0 0.3 0:00.01 startkde
6124 hari 16 0 24132 7284 5800 S 0.0 1.4 0:00.16 kdeinit
6127 hari 16 0 23928 2856 1656 S 0.0 0.6 0:00.23 dcopserver
6129 hari 16 0 25644 8508 7176 S 0.0 1.6 0:00.09 klauncher
6131 hari 15 0 30368 13m 10m S 0.0 2.6 0:00.92 kded
6136 hari 16 0 1556 348 280 S 0.0 0.1 0:00.03 kwrapper
6138 hari 16 0 24936 9580 7708 S 0.0 1.9 0:00.15 ksmserver
6139 hari 15 0 27324 12m 9m S 0.0 2.5 0:12.81 kwin
6141 hari 15 0 31632 16m 12m S 0.0 3.2 0:14.88 kdesktop
6143 hari 15 0 33080 16m 12m S 0.0 3.2 2:39.82 kicker
6149 hari 15 0 21540 7868 5640 S 0.0 1.5 0:00.91 artsd
6151 hari 15 0 24936 9224 7396 S 0.0 1.8 0:03.28 kaccess
6154 hari 16 0 28764 14m 11m S 0.0 2.8 0:00.31 kmix
6158 hari 16 0 29812 15m 12m S 0.0 3.0 0:00.53 kgpg
6161 hari 16 0 26388 13m 11m S 0.0 2.7 0:23.61 kget
6162 hari 15 0 22624 7960 6196 S 0.0 1.5 0:46.97 gkrellm
6180 hari 15 0 31764 12m 9904 S 0.0 2.5 0:02.75 knotify
6185 hari 16 0 29500 13m 11m S 0.0 2.7 0:00.39 korgac
6589 root -51 0 12320 6660 4968 S 0.0 1.3 0:00.30 artsd
6621 root 16 0 1576 492 420 S 0.0 0.1 0:00.00 getty
6627 root 16 0 1572 488 420 S 0.0 0.1 0:00.00 getty
6628 root 16 0 1572 488 420 S 0.0 0.1 0:00.00 getty
6629 root 16 0 1576 492 420 S 0.0 0.1 0:00.00 getty
6630 root 16 0 1576 492 420 S 0.0 0.1 0:00.00 getty
7084 hari 16 0 16728 3176 2416 S 0.0 0.6 0:00.00 kdesud
7326 www-data 16 0 22548 3800 956 S 0.0 0.7 0:00.00 apache2
7330 www-data 16 0 22548 3800 956 S 0.0 0.7 0:00.00 apache2
7364 hari 17 0 24336 7008 5492 S 0.0 1.4 0:00.00 kio_file
7382 hari 16 0 26808 12m 10m S 0.0 2.6 0:00.22 kio_uiserver
11174 hari 15 0 156m 75m 22m S 0.0 14.9 10:33.16 firefox-bin
11179 hari 16 0 4120 2400 1868 S 0.0 0.5 0:00.05 gconfd-2
12627 hari 15 0 30480 14m 11m S 0.0 2.9 0:01.32 konsole
12628 hari 15 0 3620 1924 1296 S 0.0 0.4 0:00.00 bash
12632 root 16 0 2828 1072 860 S 0.0 0.2 0:00.00 su
12634 root 16 0 3104 1624 1264 S 0.0 0.3 0:00.00 bash
12662 root 15 0 2228 1024 764 R 0.0 0.2 0:00.00 top
Last edited by vharishankar; 09-08-2006 at 04:29 AM.
|
|
|
09-08-2006, 06:09 AM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
Problem is I'm a newbie when it comes to hardcore security issues.
With all due respect, but the problem is you're hiding behind the newbie facade and saying it's "hardcore" only makes it harder for yourself and distracts from what you should do. You've been provided with enough means to return information even *if* you where clueless: this means you either didn't read the reply in full (then read again) or understand what it's about (then ask), or you are too stubborn or think you know it better (then you're SOL), don't have a sense of priority (again SOL) or don't have the will or urge to make sure your box is OK (SOL too).
So far things look fine to me.
The difference between things "looking fine" and making certain things are fine is the difference between what I asked you to do (lotsa stuff) and what nfo you returned (not enough). Without answering all questions in full and returning the requested information I just won't be able to help you.
|
|
|
09-08-2006, 06:56 AM
|
#9
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
Cool, cool, unSpawn, Sorry for the trouble. I never meant offence. I have no clue where to look for web access logs and such stuff. I looked at /var/log and it confuses me... I'm also not feeling too well at the moment and unable to concentrate on anything and certainly I've never got my head around to understanding the behaviour of daemons.
Again, apologies... but I've been a bit overwhelmed by the amount of information requested.
- how long was the box exposed? (gives period to check),
Already answered.
- what publicly accessable daemons where running during that period?,
Apart from apache, mysqld, exim (i'm not sure of this) and things like portmap, etc. etc. (I've posted the output of top)
- what do your syslog and daemon logs say?,
/var/log/syslog is *huge* (about 211MB) I have no idea what to look for. And it crashes the text editor when I try and open it.
- any auth data (passwd, group, shadow) changed/added?
I have only one user account and password hasn't been changed. Root password is also not changed. (There's a user called "nobody". That's standard isn't it?)
- any login attempts recorded?,
Again, where do I look for this? Also I don't have sshd enabled.
- what does your distro's package manager say (debsums)?
There's no program called debsums
- what does your file integrity checker (if installed) say?
???
- what do Chkrootkit and/or Rootkit Hunter say?
No suspicious activity found.
I can post daemon.log here, but it's a bit too big.
Last edited by vharishankar; 09-08-2006 at 07:11 AM.
|
|
|
09-08-2006, 07:47 AM
|
#10
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
removed. sorry, was feeling a bit irritable and under the weather when posting this.
Last edited by vharishankar; 09-08-2006 at 08:23 AM.
|
|
|
09-08-2006, 07:55 AM
|
#11
|
Moderator
Registered: May 2001
Posts: 29,415
|
Sorry for the trouble. I never meant offence.
No need to apologise: you haven't offended me in any way. As fellow Linux user, as fellow LQ member and as LQ Linux Security forum moderator I am bound to take care of security incidents. My first concern is to have those handled decisively, efficiently and without ambiguity. Sometimes that means prodding on unwilling cattle :-]
I have no clue where to look for web access logs and such stuff.
Check /etc/syslog.conf for logfiles in use and the configuration files of running daemons for where they log to. (A quick and dirty way could be to start checking files from running as root "lsof -n +D /var/log" if /var/log is your main logfile directory but you will miss logs that aren't kept open, so it isn't really advisable.)
- what publicly accessable daemons where running during that period?,
Apart from apache, mysqld, exim (i'm not sure of this) and things like portmap, etc. etc.
The worst thing would be to take this and your "top" output and say it looks good w/o supplying the means to confirm that. (The only way is to examine the kernel and authentication databases for tampering, network connection, IDS and firewall logging information for "wierd" connections, process output for unwanted ones, file systems for changes and anomalies like binaries and setuid-root files in accessable temp dirs.)
After checking your logfiles (re)read the CERT Intruder Detection Checklist because it lists commands with which you can make the situation a bit more clear.
- what do your syslog and daemon logs say?,
/var/log/syslog is *huge* I have no idea what to look for.
There's no easy egrep regex to give for that. Start with something like egrep -i "[[:blank:]](err|fail|warn)" logfile and pipe through an egrep -v with terms you don't want to see like device and module errors. Iterate and adjust.
- any login attempts recorded?,
Again, where do I look for this? I don't have ssh enabled.
Like the CERT link says: the "last" command to see users that logged in (nice if you don't log in at four o'clock in the morning), "lastb" for failed logins (if enabled), "lastlog -t 5" for an overview of per-account logins over the last five days (-t 5), Chkrootkit's chkutmp and chkwtmp for consistency check, /var/(log|adm)/secure if in use.
- what does your distro's package manager say (debsums)?
There's no program called debsums
If it ain't there there's not much you can do about that.
- what does your file integrity checker (if installed) say?
???
I said "if installed".
- any auth data (passwd, group, shadow) changed/added?
I have only one user account and password hasn't been changed. Root password is also not changed.
OK. Good.
- what do Chkrootkit and/or Rootkit Hunter say?
No suspicious activity found.
OK. Good.
|
|
|
09-08-2006, 08:01 AM
|
#12
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
Thanks unSpawn. I got a bit upset by your response. I'm really trying hard to concentrate, but with a cold in my head, it's pretty hard and I'm in a weakened condition now... irritable and all.
I appreciate your help. Regards.
|
|
|
09-08-2006, 08:02 AM
|
#13
|
Senior Member
Registered: Dec 2003
Distribution: Debian
Posts: 3,178
Original Poster
Rep:
|
lastb gives me this output
Code:
hari Fri Aug 18 13:29 - 13:29 (00:00)
hari Fri Aug 18 13:29 - 13:29 (00:00)
UNKNOWN Wed Aug 9 16:19 - 16:19 (00:00)
UNKNOWN Wed Aug 9 08:22 - 08:22 (00:00)
UNKNOWN Wed Aug 9 08:22 - 08:22 (00:00)
hari Tue Aug 8 08:16 - 08:16 (00:00)
btmp begins Tue Aug 8 08:16:49 2006
This is the output of last
Code:
hari tty1 Fri Sep 8 09:16 still logged in
reboot system boot 2.6.16-1-k7 Fri Sep 8 09:16 - 18:37 (09:20)
hari tty1 Thu Sep 7 19:37 - down (03:26)
reboot system boot 2.6.16-1-k7 Thu Sep 7 19:36 - 23:03 (03:26)
hari tty1 Thu Sep 7 11:19 - down (06:47)
reboot system boot 2.6.16-1-k7 Thu Sep 7 11:19 - 18:07 (06:47)
hari tty1 Wed Sep 6 11:27 - down (09:35)
reboot system boot 2.6.16-1-k7 Wed Sep 6 11:27 - 21:03 (09:35)
hari tty1 Tue Sep 5 08:55 - down (12:12)
reboot system boot 2.6.16-1-k7 Tue Sep 5 08:55 - 21:08 (12:13)
hari tty1 Mon Sep 4 22:03 - down (00:57)
reboot system boot 2.6.16-1-k7 Mon Sep 4 22:03 - 23:00 (00:57)
hari tty1 Mon Sep 4 08:41 - down (10:55)
reboot system boot 2.6.16-1-k7 Mon Sep 4 08:41 - 19:37 (10:55)
hari tty1 Sun Sep 3 16:28 - down (06:28)
reboot system boot 2.6.16-1-k7 Sun Sep 3 16:28 - 22:57 (06:28)
hari tty1 Sun Sep 3 15:17 - down (00:07)
reboot system boot 2.6.16-1-k7 Sun Sep 3 15:17 - 15:25 (00:08)
hari tty1 Sun Sep 3 10:06 - down (04:59)
reboot system boot 2.6.16-1-k7 Sun Sep 3 10:06 - 15:06 (05:00)
hari tty1 Sat Sep 2 09:25 - down (06:52)
reboot system boot 2.6.16-1-k7 Sat Sep 2 09:25 - 16:18 (06:53)
hari tty1 Sat Sep 2 06:42 - down (01:18)
reboot system boot 2.6.16-1-k7 Sat Sep 2 06:42 - 08:00 (01:18)
hari tty1 Fri Sep 1 09:33 - down (12:45)
reboot system boot 2.6.16-1-k7 Fri Sep 1 09:32 - 22:19 (12:46)
hari tty1 Thu Aug 31 19:47 - down (02:07)
reboot system boot 2.6.16-1-k7 Thu Aug 31 19:47 - 21:54 (02:07)
hari tty1 Thu Aug 31 14:40 - down (03:04)
reboot system boot 2.6.16-1-k7 Thu Aug 31 14:40 - 17:45 (03:04)
hari tty1 Wed Aug 30 10:35 - down (01:13)
reboot system boot 2.6.16-1-k7 Wed Aug 30 10:35 - 11:48 (01:13)
hari tty1 Tue Aug 29 20:20 - down (00:43)
reboot system boot 2.6.16-1-k7 Tue Aug 29 20:19 - 21:03 (00:43)
hari tty1 Tue Aug 29 14:15 - down (02:02)
reboot system boot 2.6.16-1-k7 Tue Aug 29 14:15 - 16:17 (02:02)
hari tty1 Mon Aug 28 10:50 - down (01:12)
reboot system boot 2.6.16-1-k7 Mon Aug 28 10:50 - 12:02 (01:12)
hari tty1 Sun Aug 27 22:07 - down (00:36)
reboot system boot 2.6.16-1-k7 Sun Aug 27 22:06 - 22:43 (00:36)
hari tty1 Sun Aug 27 12:10 - down (01:32)
reboot system boot 2.6.16-1-k7 Sun Aug 27 12:10 - 13:42 (01:32)
hari tty1 Sat Aug 26 21:46 - down (01:48)
reboot system boot 2.6.16-1-k7 Sat Aug 26 21:45 - 23:34 (01:48)
hari tty1 Sat Aug 26 14:45 - down (02:05)
reboot system boot 2.6.16-1-k7 Sat Aug 26 14:45 - 16:51 (02:06)
hari tty1 Fri Aug 25 11:10 - down (02:04)
reboot system boot 2.6.16-1-k7 Fri Aug 25 11:10 - 13:15 (02:04)
hari tty1 Thu Aug 24 11:06 - down (08:14)
reboot system boot 2.6.16-1-k7 Thu Aug 24 11:06 - 19:21 (08:14)
hari tty1 Thu Aug 24 08:25 - down (01:51)
reboot system boot 2.6.16-1-k7 Thu Aug 24 08:25 - 10:17 (01:51)
hari tty1 Wed Aug 23 10:54 - down (02:19)
reboot system boot 2.6.16-1-k7 Wed Aug 23 10:53 - 13:13 (02:19)
hari tty1 Tue Aug 22 17:08 - down (02:58)
reboot system boot 2.6.16-1-k7 Tue Aug 22 17:08 - 20:07 (02:58)
reboot system boot 2.6.16-1-k7 Tue Aug 22 17:07 - 17:07 (00:00)
hari tty1 Mon Aug 21 10:09 - down (02:44)
reboot system boot 2.6.16-1-k7 Mon Aug 21 10:08 - 12:53 (02:44)
hari tty1 Sun Aug 20 12:03 - down (06:45)
reboot system boot 2.6.16-1-k7 Sun Aug 20 12:03 - 18:49 (06:46)
hari tty1 Sun Aug 20 11:00 - crash (01:02)
reboot system boot 2.6.16-1-k7 Sun Aug 20 11:00 - 18:49 (07:49)
reboot system boot 2.6.16-1-k7 Sun Aug 20 10:59 - 10:59 (00:00)
hari tty1 Fri Aug 18 13:29 - down (08:07)
reboot system boot 2.6.16-1-k7 Fri Aug 18 13:28 - 21:36 (08:08)
hari tty1 Fri Aug 18 13:27 - down (00:00)
reboot system boot 2.6.16-1-k7 Fri Aug 18 13:26 - 13:27 (00:00)
hari tty1 Fri Aug 18 08:20 - down (03:28)
reboot system boot 2.6.16-1-k7 Fri Aug 18 08:20 - 11:49 (03:28)
hari tty1 Wed Aug 16 14:24 - down (04:45)
reboot system boot 2.6.16-1-k7 Wed Aug 16 14:24 - 19:10 (04:46)
hari tty1 Wed Aug 16 14:22 - down (00:00)
reboot system boot 2.6.16-1-k7 Wed Aug 16 14:22 - 14:22 (00:00)
hari tty1 Tue Aug 15 10:39 - down (06:46)
reboot system boot 2.6.16-1-k7 Tue Aug 15 10:39 - 17:25 (06:46)
hari tty1 Tue Aug 15 10:37 - down (00:00)
reboot system boot 2.6.16-1-k7 Tue Aug 15 10:37 - 10:37 (00:00)
hari tty1 Mon Aug 14 14:59 - down (10:01)
reboot system boot 2.6.16-1-k7 Mon Aug 14 14:58 - 01:00 (10:01)
hari tty1 Mon Aug 14 10:54 - down (02:47)
reboot system boot 2.6.16-1-k7 Mon Aug 14 10:54 - 13:41 (02:47)
hari tty1 Fri Aug 11 10:22 - down (00:08)
reboot system boot 2.6.16-1-k7 Fri Aug 11 10:21 - 10:30 (00:08)
reboot system boot 2.6.16-1-k7 Thu Aug 10 22:34 - 22:34 (00:00)
hari tty1 Thu Aug 10 18:04 - down (00:43)
reboot system boot 2.6.16-1-k7 Thu Aug 10 18:04 - 18:48 (00:43)
hari tty1 Thu Aug 10 11:57 - down (02:09)
reboot system boot 2.6.16-1-k7 Thu Aug 10 11:57 - 14:06 (02:09)
hari tty1 Thu Aug 10 08:29 - down (01:22)
reboot system boot 2.6.16-1-k7 Thu Aug 10 08:29 - 09:51 (01:22)
reboot system boot 2.6.16-1-k7 Thu Aug 10 08:28 - 08:28 (00:00)
hari tty1 Wed Aug 9 16:19 - down (04:17)
reboot system boot 2.6.16-1-k7 Wed Aug 9 16:19 - 20:36 (04:17)
hari tty1 Wed Aug 9 16:15 - down (00:02)
reboot system boot 2.6.16-1-k7 Wed Aug 9 16:15 - 16:17 (00:02)
hari tty1 Wed Aug 9 13:31 - down (01:19)
reboot system boot 2.6.16-1-k7 Wed Aug 9 13:31 - 14:50 (01:19)
hari tty1 Wed Aug 9 13:28 - down (00:01)
reboot system boot 2.6.16-1-k7 Wed Aug 9 13:28 - 13:30 (00:01)
reboot system boot 2.6.16-1-k7 Wed Aug 9 13:27 - 13:27 (00:00)
reboot system boot 2.6.16-1-k7 Wed Aug 9 13:26 - 13:26 (00:00)
hari tty1 Wed Aug 9 11:03 - down (02:10)
reboot system boot 2.6.16-1-k7 Wed Aug 9 11:03 - 13:13 (02:10)
reboot system boot 2.6.16-1-k7 Wed Aug 9 11:02 - 11:02 (00:00)
hari tty1 Wed Aug 9 08:23 - down (00:50)
reboot system boot 2.6.16-1-k7 Wed Aug 9 08:21 - 09:13 (00:51)
hari tty1 Tue Aug 8 20:37 - down (01:43)
reboot system boot 2.6.16-1-k7 Tue Aug 8 20:37 - 22:21 (01:43)
hari tty1 Tue Aug 8 16:32 - down (02:10)
reboot system boot 2.6.16-1-k7 Tue Aug 8 16:32 - 18:43 (02:10)
hari tty1 Tue Aug 8 13:16 - down (02:53)
reboot system boot 2.6.16-1-k7 Tue Aug 8 13:16 - 16:09 (02:53)
hari tty1 Tue Aug 8 08:16 - down (00:59)
reboot system boot 2.6.16-1-k7 Tue Aug 8 08:16 - 09:16 (00:59)
reboot system boot 2.6.16-1-k7 Tue Aug 8 08:15 - 08:15 (00:00)
hari tty1 Mon Aug 7 19:54 - down (00:26)
reboot system boot 2.6.16-1-k7 Mon Aug 7 19:53 - 20:20 (00:27)
hari tty1 Mon Aug 7 22:44 - down (-3:-27)
reboot system boot 2.6.16-1-k7 Mon Aug 7 22:44 - 19:16 (-3:-27)
hari tty1 Mon Aug 7 19:16 - down (02:55)
reboot system boot 2.6.16-1-k7 Mon Aug 7 19:16 - 22:12 (02:55)
hari tty1 Sun Aug 6 19:37 - down (00:51)
reboot system boot 2.6.16-1-k7 Sun Aug 6 19:36 - 20:28 (00:51)
hari tty1 Sun Aug 6 15:39 - crash (03:57)
reboot system boot 2.6.16-1-k7 Sun Aug 6 15:39 - 20:28 (04:48)
reboot system boot 2.6.16-1-k7 Sun Aug 6 15:37 - 15:37 (00:00)
hari tty1 Sat Aug 5 17:58 - down (00:01)
reboot system boot 2.6.16-1-k7 Sat Aug 5 17:58 - 18:00 (00:01)
hari tty1 Sat Aug 5 13:35 - down (00:40)
reboot system boot 2.6.16-1-k7 Sat Aug 5 13:35 - 14:16 (00:40)
hari tty1 Sat Aug 5 09:23 - 10:23 (01:00)
reboot system boot 2.6.16-1-k7 Sat Aug 5 09:22 - 10:24 (01:01)
reboot system boot 2.6.16-1-k7 Sat Aug 5 09:21 - 09:21 (00:00)
reboot system boot 2.6.16-1-k7 Sat Aug 5 09:20 - 09:20 (00:00)
reboot system boot 2.6.16-1-k7 Sat Aug 5 09:19 - 09:19 (00:00)
hari tty1 Fri Aug 4 20:11 - down (00:07)
reboot system boot 2.6.16-1-k7 Fri Aug 4 20:11 - 20:18 (00:07)
hari tty1 Fri Aug 4 09:42 - down (10:03)
reboot system boot 2.6.16-1-k7 Fri Aug 4 09:41 - 19:46 (10:04)
wtmp begins Fri Aug 4 09:41:54 2006
Last edited by vharishankar; 09-08-2006 at 08:04 AM.
|
|
|
09-08-2006, 08:19 AM
|
#14
|
Moderator
Registered: May 2001
Posts: 29,415
|
Login errors from last august. Good.
Take your time gathering info, but keep it flowing and ask if anything is unclear.
|
|
|
09-08-2006, 08:25 AM
|
#15
|
Moderator
Registered: May 2001
Posts: 29,415
|
Uh. Forgot to mention. Narrow down your search to say one hour before the event and one day after correcting the error.
|
|
|
All times are GMT -5. The time now is 10:10 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|