Odd entry in syslog

LinuxQuestions.org

Share your knowledge at the LQ Wiki.

		LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Odd entry in syslog

Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.

Exclusive for LQ members, get up to 45% off per month. Click here for more info.

Reply

Search this Thread

04-27-2005, 05:47 AM	#1
merana Member Contributing Member Registered: May 2002 Location: Philly/So. Jersey Distribution: ESXi CentOS Red-Hat Ubuntuu Solaris Debian Posts: 85 Rep:	Odd entry in syslog Hi All, Had a weird occurance just recently... Upon reboot of the server I noted the following in the syslog: Apr 27 06:38:46 server kernel: RAMDISK: Loading 3272 blocks [1 disk] into ram disk... \|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H- ^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H -^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^ H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/ ^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H /^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^H/^H-^H\^H\|^Hdone. Don't remember seeing this before... Anyone have a prior sighting of this? Or suggestions as to what it is? * EDIT * Also I just noted this from auth.log: Apr 27 03:03:48 server su[20501]: + ??? root:nobody Apr 27 03:03:48 server su[20501]: (pam_unix) session opened for user nobody by (uid=0) !!! Now I'm getting a little more concerned.... Already scanned all of the apache logs for recent posts and I didn't see anything anomalous.... Thanks, Last edited by merana; 04-27-2005 at 06:07 AM.

04-27-2005, 06:19 AM	#2
ilikejam Senior Member Contributing Member Registered: Aug 2003 Location: Glasgow Distribution: Fedora / Solaris Posts: 3,109 Rep:	Hi. The \|^H/^H-^H\^H\|^H/^H-^H\^H\|H/^H-^H\^H\|^H/^H-^H\ bit is a progress spinner (^H means 'backspace'. Look at the characters between.). Nothing to worry about. The auth.log entry looks like a demon dropping to a low level user account (Any demon that binds to a TCP port < 1025 has to be started as root, and they usually drop down to a different user soon after starting). If it was 'session opened for user root by nobody' then you should be worried. Dave Last edited by ilikejam; 04-27-2005 at 06:25 AM.

04-27-2005, 06:23 AM	#3
merana Member Contributing Member Registered: May 2002 Location: Philly/So. Jersey Distribution: ESXi CentOS Red-Hat Ubuntuu Solaris Debian Posts: 85 Original Poster Rep:	Wicked! Thanks for the look-over Dave!

Reply

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Syslog, where is this entry coming from? exim?	boyd98	Debian	1	04-05-2005 01:46 PM
Odd entry in my Apache logs	pembo13	Linux - Security	5	08-04-2004 07:33 AM
odd entry in /etc/passwd file	globeTrotter	Linux - Security	4	07-21-2004 09:27 PM
hosts entry for a lan unit with no dns entry	linxtc	Linux - Networking	1	10-03-2003 08:05 AM
Odd Log Entry	mikeyt_333	Linux - General	0	06-12-2002 04:45 PM

All times are GMT -5. The time now is 10:28 AM.

Main Menu

Advertisement

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

Twitter: @linuxquestions

Open Source Consulting | Domain Registration