Slackware: This forum is for the discussion of Slackware Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Sounds like syslog isn't running. Do a "ps ax | grep syslog" and see what comes up. Then, if the syslog daemon isn't there, restart it and see if it comes back.
Should I be concerned? syslogd isn't something I would stop, but I see no evidence of an intruder entering. Of course, anyone with privileges to stop syslogd could also cover their tracks.
I'm not the best to field this. But do you have tripwire installed? Or some other form of checksum information for the drive? With syslog down, there really is no way to tell. Check your /etc/passwd for any usernames, do a netstat -l for any open ports, run nessus on your box from a remote box, do a dmesg and see if that shows anything. Do you have a firewall on the box? Dmesg will have iptables info. That's just a start, hopefully somebody else can send you in the right direction. One thing, if this is a production box, you should already have a plan or concept of how you will determine an intrusion, maybe now is the time to document your steps and be ready for next time. Good luck!
Looks like a false alarm. Turns out syslogd crashed when /var/log/syslog reached 2.0 GB. So, no intruder, but I have another mystery. My syslog.3 file is filled with lines like this:
Code:
Nov 22 13:52:27 Nimitz inetd[2163]: /usr/sbin/famd: exit status 0x1
Nov 22 13:52:27 Nimitz inetd[31722]: execv /usr/sbin/famd: No such file or directory
Looks like Dropline GNOME strikes again. Dropline stopped working for me, so I did an uninstall, which borked my whole system. I should have just started over at that point, but instead I just used swaret to get X and KDE back. Now I'm regretting that again because fam was a Dropline package, and the entry in /etc/inet.d remained after the uninstall.
This isn't what I'd call a production box. Just my home PC. It's protected by an IPCop firewall, so I'm pretty confident no one is getting in, but the missing log files really made me worried.
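The checks suggested earlier in the thread (is syslogd in the process list, what is in /etc/passwd, what do the logs look like) and the two things that actually turned up here (a stale inetd.conf entry pointing at a binary that no longer exists, and a log file that hit 2 GB and took syslogd down with it) can be scripted so they are ready the next time a log goes quiet. The script below is an added example, not code from this thread or from Slackware; it assumes the classic inetd.conf field layout (service, socket type, protocol, wait flag, user, server path, arguments), assumes logs live in /var/log, and defaults the size ceiling to 2147483647 bytes, the largest file offset a 32-bit daemon built without large-file support can write before it fails. Every check reads an explicit file, directory or stream, so it runs offline against a mounted image; pass --live to run it against the current machine.

```shell
#!/bin/sh
# Added example (not from the thread): triage checks for a box whose syslog
# went quiet. Every check takes an explicit input (file, directory, or ps
# output on stdin) so it can be pointed at a live system or a mounted image.
# The inetd.conf field layout and the 2 GiB default ceiling are assumptions.

# 1. Is a syslog daemon among the processes? Reads "ps ax" output from stdin;
#    returns 0 if syslogd, rsyslogd or syslog-ng is present. The [s] bracket
#    keeps a grep run on live ps output from matching its own command line.
syslog_in_ps() {
    grep -E '[s]yslogd|[s]yslog-ng' >/dev/null
}

# 2. Accounts with uid 0 other than root, one per line. A second uid-0 login
#    in /etc/passwd is one of the oldest backdoors there is.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# 3. inetd.conf entries whose server binary is missing, printed as
#    "service path". $1 = inetd.conf, $2 = root to resolve paths under
#    ("" for the live system, or the mount point of an image).
#    Assumed layout: service socktype proto wait user server args...;
#    "internal" services have no binary to check, comments are skipped.
inetd_missing_servers() {
    conf=$1; root=${2:-}
    grep -v '^[[:space:]]*#' "$conf" \
      | awk 'NF >= 6 && $6 != "internal" { print $1, $6 }' \
      | while read -r svc path; do
            [ -x "$root$path" ] || echo "$svc $path"
        done
}

# 4. Regular files in a log directory at or past a size ceiling, printed as
#    "path bytes". Default 2147483647: the largest offset a 32-bit daemon
#    built without large-file support can write, i.e. the 2 GB wall that
#    syslogd ran into in this thread.
oversized_logs() {
    dir=$1; limit=${2:-2147483647}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -ge "$limit" ]; then
            echo "$f $size"
        fi
    done
}

# Live run is opt-in so the functions can also be sourced or tested alone.
if [ "${1:-}" = "--live" ]; then
    if ps ax | syslog_in_ps; then
        echo "syslog daemon: running"
    else
        echo "syslog daemon: NOT running"
    fi
    echo "extra uid-0 accounts:";              extra_uid0_accounts /etc/passwd
    echo "inetd services with missing binaries:"; inetd_missing_servers /etc/inetd.conf
    echo "logs at or past the size ceiling:";  oversized_logs /var/log
fi
```

Run it as `sh triage.sh --live` on the machine itself, or call the functions with a mount point as the second argument of inetd_missing_servers and the image's passwd and log paths when examining a disk from another box. An entry such as the famd line from this thread shows up under check 3 even though inetd is still happily respawning it and filling the log; check 4 catches the file before it reaches the ceiling if you lower the limit to something like 1.5 GB.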