[CentOS] Syslog
William L. Maltby
BillsCentOS at triad.rr.com
Tue Jun 27 19:48:19 UTC 2006
On Tue, 2006-06-27 at 15:06 -0400, Sam Drinkard wrote:
>
> Jason Bradley Nance wrote:
>
> >> <snip>
> AFIK, the machine has not been compromised. It's pretty well sealed off
> with the exception of myself and 2 other very trusted users. Not exposed
> even on port 80. Named is really only caching, and I do know from past
> kills, it does write to /var/log/messages. I'm very tempted to boot
> again and see if something shows up somewhere else, but one of my main
> jobs just started up and I hate to kill it off due to time constraints.
Well, if you're not worried about a compromise under these
circumstances... ;-)) I'd let your jobs finish and not sweat about it.
You said you had plenty of disk space, did you "df -i" to see if you
exhausted your i-nodes (unlikely, I know, but no assumptions are
warranted now).
Do you have quotas? Any chance they hit someone they weren't supposed to
hit? Permissions on the directoy still as they should be?
[wild-bill at wlmlfs08 ~]$ ls -dl /var/log
drwxr-xr-x 22 root root 4096 Jun 25 04:02 /var/log
As folks have mentioned in other threads, a chkrootkit run might be
appropriate if you can't find the cause.
>
--
Bill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20060627/a3686315/attachment.sig>
More information about the CentOS
mailing list