Jason Bradley Nance wrote: >> No, logging box -- everything as far as syslog and messages is >> default. SELINUX not enabled. Perms are correct on the file(s). >> Can't seem to find anything that would be causing writes to fail, but >> don't know for sure if anything has written yet either. I'll give a >> hup to named and see what happens. > > > Have you check the signature on the binaries to make sure someone > hasn't replaced your syslog with a cracked one? > > BTW, if you are running the chroot'd named most of it's stuff get's > written to /var/named/chroot/log/*, not syslog. > > AFIK, the machine has not been compromised. It's pretty well sealed off with the exception of myself and 2 other very trusted users. Not exposed even on port 80. Named is really only caching, and I do know from past kills, it does write to /var/log/messages. I'm very tempted to boot again and see if something shows up somewhere else, but one of my main jobs just started up and I hate to kill it off due to time constraints. -- Sam W.Drinkard -- sam at wa4phy.net NOAA Cooperative Observer KAGS (snow) http://wa4phy.net Augusta Area Mesonet