Odd entry in syslog
 

Hi All,

Had a weird occurance just recently... Upon reboot of the server I noted the following in the syslog:

Apr 27 06:38:46 server kernel: RAMDISK: Loading 3272 blocks [1 disk] into ram disk... |^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-
^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H
-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^
H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/
^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H
/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^H/^H-^H\^H|^Hdone.

Don't remember seeing this before... Anyone have a prior sighting of this? Or suggestions as to what it is?

* EDIT *

Also I just noted this from auth.log:

Apr 27 03:03:48 server su[20501]: + ??? root:nobody
Apr 27 03:03:48 server su[20501]: (pam_unix) session opened for user nobody by (uid=0)

!!! Now I'm getting a little more concerned.... Already scanned all of the apache logs for recent posts and I didn't see anything anomalous....



Thanks,

Hi.

The |^H/^H-^H\^H|^H/^H-^H\^H|H/^H-^H\^H|^H/^H-^H\ bit is a progress spinner (^H means 'backspace'. Look at the characters between.). Nothing to worry about.

The auth.log entry looks like a demon dropping to a low level user account (Any demon that binds to a TCP port < 1025 has to be started as root, and they usually drop down to a different user soon after starting). If it was 'session opened for user root by nobody' then you should be worried.

Dave

Wicked! Thanks for the look-over Dave!