Re: Linux just shutdown at exactly 1:30pm for no reason... please help!

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 10/01/05

    Date: Sat, 01 Oct 2005 13:15:26 -0500
    
    

    In the Usenet newsgroup comp.os.linux.security, in article
    <1128117247.459661.44750@g14g2000cwa.googlegroups.com>, Gumby wrote:

    >* I believe this was RH 6.1 but I've updated the kernel occasionally
    >(it's an alpha processor so I don't really use the regular RH system
    >anymore; I might switch over to the new alpha core 1.0a, though).

    'cat /etc/redhat-release' (or the more generic 'cat /etc/*release' and
    'cat /etc/*version') should tell you the "base" install. Red Hat hasn't
    been doing much with the Alpha since roughly 2001 (7.1 was the last
    release, and errata stopped possibly as late as mid-2003). I know Debian
    still has an Alpha tree, and I believe there are others.

    >The machine's behind a router and a firewall and only about five ports
    >are open (it's a simple web/email server).

    Is the web server accessible from outside? Apache has had a few updates
    since 2002.

    >I did run a bunch of tools and everything comes up clean so I'm leaning
    >towards a machine failure, as well... it was just worrisome that
    >there's literally nothing in any of the logs

    In the classic mode - how much of a chance is there for the system to
    write anything when (for example) someone yanks the power plug? If you
    are running the older e2fs file system, on boot, you would see something
    about the file system not being unmounted cleanly, but if the buffers
    were empty when the system died, there would not _likely_ be file system
    indications, other than the not unmounted cleanly message.

    >(although, I do agree that if it was compromised that nothing's believable
    >on it... but, at the same time, it doesn't really make sense for a hacker
    >to just come on and shut down the machine and hose the logs on just that).
    >I'm not totally convinced the machine wasn't compromised but I am decidedly
    >leaning towards the machine failure theory.

    You've also got a minor 'security by obscurity' going for you - because
    while someone could (for example) use an Apache exploit to gain access and
    possibly root, Alpha root kits are just not very common.

            Old guy

