LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-13-2004, 02:42 PM   #1
Post Modern
Member
 
Registered: Nov 2002
Location: Massachusetts
Distribution: Fedora Core, RH, Mandrake, Xandros, Knoppix
Posts: 110

Rep: Reputation: 15
What the heck is THIS ??


.
.
OK - so I was reading some of the posts on Nix Security, and came across a post titled "Damn Script Kiddies".

So, just for the heck of it, I checked my /var/log/messages, and ran into this:

Oct 22 18:08:57 build-master syslogd 1.4.1#10: restart.
Oct 22 18:09:04 build-master exiting on signal 15

Now, if I'm not on acid, this says to build a master log, restart and exit on Oct. 22 - but it's only the 13th today as I'm posting this.

And, this box didn't exist last year......

Am I being set up ??

I'm running Xandros, no server setup, no fancy stuff, just vanilla Xandros 1.0 on a Pentium 866 box.

Sup wit dis ??

(Oops - Hi everyone, I'm the new kid on the block...)

Last edited by Post Modern; 10-13-2004 at 03:00 PM.
 
Old 10-13-2004, 02:44 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
what does the 'date' command tell you?

FWIW, syslog normally has to stop and restart itself regularly for log rotation.
 
Old 10-13-2004, 03:05 PM   #3
Post Modern
Member
 
Registered: Nov 2002
Location: Massachusetts
Distribution: Fedora Core, RH, Mandrake, Xandros, Knoppix
Posts: 110

Original Poster
Rep: Reputation: 15
.
.
Wed.Oct 13 14:15:20 EDT 2004

But, why would my system log an action/date that hadn't come to pass yet ??
.
.
PM

Last edited by Post Modern; 10-13-2004 at 03:07 PM.
 
Old 10-13-2004, 03:14 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
Interesting question. Are you sure the date wasn't changed by an accident? Also, browse /var/log/messages and see when the anomaly starts and ends (are there only messages from Oct 22 or also from other dates in future).
 
Old 10-13-2004, 03:23 PM   #5
Post Modern
Member
 
Registered: Nov 2002
Location: Massachusetts
Distribution: Fedora Core, RH, Mandrake, Xandros, Knoppix
Posts: 110

Original Poster
Rep: Reputation: 15
.
.
Those two lines are it - there's nothing else, which seems odd, because this system's
been up about 10 Mos, so if it regularly starts and stops, wouldn't I have at least a slightly larger log ??

(Unless Xandros does something different than my Red Hat and Mandrake boxen)
(I've got about a half dozen of them running in the house... )

PM
.
.

BTW: Thanks for the help. guyz....

Last edited by Post Modern; 10-13-2004 at 10:04 PM.
 
Old 10-14-2004, 04:53 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
- what does your syslog.conf look like? Maybe you're not logging much.
- what does your logrotate.d look like for syslog? If it rotates old logs try to check them for info.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
why the heck..... bvav22 Linux - Software 10 05-11-2005 09:37 PM
What the heck .. Xvium Linux - Hardware 2 04-11-2005 01:51 AM
What the heck??? scrible Linux - Newbie 10 01-03-2005 07:38 PM
What in the heck is this??? slackMeUp Slackware 2 04-05-2004 05:26 PM
What the heck? Diablotrickster Linux - Networking 7 08-30-2003 10:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration