Re: Linux just shutdown at exactly 1:30pm for no reason... please help!
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: Sat, 01 Oct 2005 13:15:26 -0500
In the Usenet newsgroup comp.os.linux.security, in article
<firstname.lastname@example.org>, Gumby wrote:
>* I believe this was RH 6.1 but I've updated the kernel occasionally
>(it's an alpha processor so I don't really use the regular RH system
>anymore; I might switch over to the new alpha core 1.0a, though).
'cat /etc/redhat-release' (or the more generic 'cat /etc/*release' and
'cat /etc/*version') should tell you the "base" install. Red Hat hasn't
been doing much with the Alpha since roughly 2001 (7.1 was the last
release, and errata stopped possibly as late as mid-2003). I know Debian
still has an Alpha tree, and I believe there are others.
>The machine's behind a router and a firewall and only about five ports
>are open (it's a simple web/email server).
Is the web server accessible from outside? Apache has had a few updates
>I did run a bunch of tools and everything comes up clean so I'm leaning
>towards a machine failure, as well... it was just worrisome that
>there's literally nothing in any of the logs
In the classic mode - how much of a chance is there for the system to
write anything when (for example) someone yanks the power plug? If you
are running the older e2fs file system, on boot, you would see something
about the file system not being unmounted cleanly, but if the buffers
were empty when the system died, there would not _likely_ be file system
indications, other than the not unmounted cleanly message.
>(although, I do agree that if it was compromised that nothing's believable
>on it... but, at the same time, it doesn't really make sense for a hacker
>to just come on and shut down the machine and hose the logs on just that).
>I'm not totally convinced the machine wasn't compromised but I am decidedly
>leaning towards the machine failure theory.
You've also got a minor 'security by obscurity' going for you - because
while someone could (for example) use an Apache exploit to gain access and
possibly root, Alpha root kits are just not very common.