MandrivaThis Forum is for the discussion of Mandriva (Mandrake) Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am wanting to know if it is possible for someone on the internet (hacker) to get access into my mandrake 9.1 distro (without a firewall ) and do something that would cause it to reboot unexpectedly?
Just need to know as was on the internet and reading about smoothwall and listing to some music, and out of the blue my machine reboots !
Hi firestomper41,
first, to answer your question: This is highly unlikely.
You can check your system's logs from right before the shutdown (or reboot for that matter), if you like, with this command:
Code:
cat /var/log/messages | grep "runlevel: 0" -B 5
This command shows the content of your logs and shows you five lines before the system reported that it would shut down now.
It should say somewhere in there, why the computer decided a reboot was necessary. You might want to use a larger value than 5, if it just gives you the same stuff over and over.
I hope this gives you a clue as to what really happened,
- drowstar
Let me add a little something, which is of concern to me and many people in the free software community:
Your usage of the term "hacker" is somewhat inaccurate. Hackers are the good guys, who find security holes and report (not exploit) them. In fact, you stand a good chance of meeting some here on linuxquestions.
The correct term for this [insert not-nice term here] is "cracker".
Crackers usually have no reason to reboot the system. The like to remain as much invisible and their processes to go unnoticed as possible. So no opening CD trays and malarky like that... Drowstar is right. Logs are the first place to check. Also check "last -30". If your box crashed for an unknown reason this could show an entry showing "crash" instead og logout time. Check your messages for system oopses. Reboots not initiated by users or apps usually are due to overheating (overclocking) or bad RAM.
The only thing that i can find under the logs that is strange is that at about 10.30 i connected to the net and it gives information about the local ip address and remote address and primary & secondary dns address and then the entry after that is restart at 10.44. So it must have been some kind of ppp error that caused it to restart, this could make sense as i was connected at the time when it restarted.
Just out interest: how safe is a linux machine without a firewall active?
Last edited by firestomper41; 05-08-2004 at 10:21 AM.
Have looked at that and seems complicated to setup as i don't know what to enter. For a windows user this is quite imtimidating as with windows it is activate and go, and with this you have to tell it what you want firewalled.
I have to disagree with some of the comments in this thread... if a "cracker" hacked your system.. I am sure the logs would be cleaned (if the cracker is indeed a cracker). If a cracker is going to break into a system he/she will cover up all traces of entry.
the most common mistake a novice "cracker" will make.. is forgetting to remove his commands .bash_history. That would be the first place I would look if any thing is suspected. If your system is acting weird.. and diffren't for no apparent reason and you think you may of been hacked... I would backup what you need... and debug the drive and reinstall
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.