SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Sounds like syslog isn't running, do a "ps ax | grep syslog" and see what comes up. Then, if the syslog daemon isn't there, restart it and see if it comes back.
Should I be concerned? syslogd isn't something I would stop, but I see no evidence of an intruder entering. Of course, anyone with privilages to stop syslogd could also cover their tracks.
I'm not the best to field this. But do you have tripwire installed? Or some other form of checksum information for the drive? With syslog down, there really is no way to tell. Check your /etc/passwd for any usernames, do a netstat -l for any open ports, run nessus on your box from a remote box, do a dmesg and see if that shows anything. Do you have a firewall on the box? Dmesg will have iptables info. That's just a start, hopefully somebody else can send you in the right direction. One thing, if this is a production box, you should already have a plan or concept of how you will determine an intrusion, maybe now is the time to document your steps and be ready for next time. Good luck!
Looks like a false alarm. Turns out syslogd crashed when /var/log/syslog reached 2.0 GB. So, no intruder, but I have another mystery. My syslog.3 file is filled with lines like this:
Code:
Nov 22 13:52:27 Nimitz inetd[2163]: /usr/sbin/famd: exit status 0x1
Nov 22 13:52:27 Nimitz inetd[31722]: execv /usr/sbin/famd: No such file or directory
Looks like dropline gnome strikes again. Dropline stopped working for me, so I did an uninstall, which borked my whole system. I should have just started over at that point, but instead I just used swaret to get X and KDE back. Now I'm regretting that again because fam was a dropline package, and the entry in /etc/inet.d remained after the uninstall.
This isn't what I'd call a production box. Just my home PC. It's protected by an IPCop firewall, so I'm pretty confident no one is getting in, but the missing log files really made me worried.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
