system logging is not

Marty Landman mlandman at face2interface.com
Tue Feb 14 02:10:27 UTC 2006 

My RH9 gateway suddenly seems to have developed some problems today. The 
only thing special I recall doing was to change from a netgear hub to a 
linksys switch and add an 8th box to my lan. There is also a netgear switch 
to which this box is plugged in which used to uplink to the netgear hub but 
now uplinks to the linksys switch. All 8 computers were visible from my Win 
xp workstation after doing that btw.

Later I noticed that samba didn't seem to be working on my Win XP 
workstation - although it can SSH to the RH box. And it's still functioning 
as my LAN gateway. Saw a bunch of attempts on /var/log/samba/.log (is that 
a kosher name btw?) evidence of attempted break-ins from a day or two ago.

So not knowing what else to do I rebooted - windows user instinct :). 
Noticed during the reboot that system logging and httpd startup both 
FAILED. OTOH using Nautilus from the console I could find the other 7 
computers on the network, but not this computer itself.

Here's some shell stuff that I think illustrates some of what's going on:

[marty at BANYAN ~]$ pwd
/home/marty
[marty at BANYAN ~]$ ls -al /var/log
total 324
drwxr-xr-x   2 root     root         4096 Feb 13 18:46 .
drwxr-xr-x  21 root     root         4096 Jul 30  2005 ..
-rw-r--r--   1 root     root        28509 Feb 13 18:46 XFree86.0.log
-rw-r--r--   1 root     root        28584 Feb 13 18:20 XFree86.0.log.old
-rw-------   1 root     root            0 Feb 13 18:04 boot.log
-rw-------   1 root     root            0 Feb 13 18:04 cron
-rw-r--r--   1 root     root         6532 Feb 13 18:18 dmesg
-rw-r--r--   1 root     root        65631 Feb 13 18:18 ksyms.0
-rw-r--r--   1 root     root        65631 Feb 13 18:14 ksyms.1
-rw-r--r--   1 root     root        65631 Feb 13 18:04 ksyms.2
-rw-------   1 root     root            0 Feb 13 18:04 maillog
-rw-------   1 root     root            0 Feb 13 18:04 messages
-rw-------   1 root     root            0 Feb 13 18:04 secure
-rw-------   1 root     root            0 Feb 13 18:04 spooler
-rw-------   1 root     root          315 Feb 13 18:12 sudolog
-rw-rw-r--   1 root     utmp        30336 Feb 13 20:41 wtmp
[marty at BANYAN ~]$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/hdd1              5278644   2073532   2936972  42% /
/dev/hda1                99251      9324     84802  10% /boot
none                    127664         0    127664   0% /dev/shm
/dev/hda2              4035432     33080   3797360   1% /mnt/kramer
/dev/hdb1            241263968  32998936 196009448  15% /mnt/maestro
[marty at BANYAN ~]$ top
top: error while loading shared libraries: libncurses.so.4: cannot open 
shared object file: No such file or directory
[marty at BANYAN ~]$


-----------------------------------------------

At this point I wonder if my computer's been hijacked or somehow corrupted. 
Either way not sure what do to next.

Thanks in advance,

Marty


Marty Landman, Face 2 Interface Inc. 845-679-9387
Webmaster's Bulletin Board: http://bbs.face2interface.com/
Web Installed Formmail: http://face2interface.com/formINSTal

More information about the redhat-list mailing list