[CentOS] Syslog

Tue Jun 27 19:48:19 UTC 2006
William L. Maltby <BillsCentOS at triad.rr.com>

On Tue, 2006-06-27 at 15:06 -0400, Sam Drinkard wrote:
> Jason Bradley Nance wrote:
> >> <snip>

> AFIK, the machine has not been compromised.  It's pretty well sealed off 
> with the exception of myself and 2 other very trusted users. Not exposed 
> even on port 80.  Named is really only caching, and I do know from past 
> kills, it does write to /var/log/messages.  I'm very tempted to boot 
> again and see if something shows up somewhere else, but one of my main 
> jobs just started up and I hate to kill it off due to time constraints.

Well, if you're not worried about a compromise under these
circumstances... ;-)) I'd let your jobs finish and not sweat about it.
You said you had plenty of disk space, did you "df -i" to see if you
exhausted your i-nodes (unlikely, I know, but no assumptions are
warranted now).

Do you have quotas? Any chance they hit someone they weren't supposed to
hit? Permissions on the directory still as they should be?

[wild-bill at wlmlfs08 ~]$ ls -dl /var/log
drwxr-xr-x  22 root root 4096 Jun 25 04:02 /var/log

As folks have mentioned in other threads, a chkrootkit run might be
appropriate if you can't find the cause.

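
The checks suggested in the message above (inode exhaustion via `df -i`, and the mode and ownership of /var/log), as an added example that is not part of the original post. The function names, the 90% threshold, and treating `drwxr-xr-x root root` as the expected state are assumptions taken from the listing shown in the message.

```shell
# Added example: triage helpers for a log directory that stopped receiving
# writes. Names and thresholds are assumptions of this example.

# Read `df -Pi` output on stdin; print "<mount> <IUse%>" for every filesystem
# whose inode usage is at or above the limit given as $1. Rows that report
# "-" (no inode accounting) are skipped. Mount points with spaces are not handled.
inode_alerts() {
    awk -v limit="$1" 'NR > 1 && $5 ~ /^[0-9]+%$/ {
        pct = $5; sub(/%/, "", pct)
        if (pct + 0 >= limit + 0) print $6, pct
    }'
}

# Read one `ls -dl` line on stdin; print each deviation from a root-owned
# directory that is not writable by group or other. Prints nothing when the
# entry matches the expected state.
logdir_findings() {
    awk '{
        if (substr($1, 1, 1) != "d") print "not-a-directory"
        if ($3 != "root")            print "owner=" $3
        if ($4 != "root")            print "group=" $4
        if (substr($1, 6, 1) == "w") print "group-writable"
        if (substr($1, 9, 1) == "w") print "other-writable"
    }'
}

# Run both checks against a live directory (default /var/log).
triage_logdir() {
    dir=${1:-/var/log}
    df -Pi "$dir" | inode_alerts 90 | sed 's/^/inodes-high: /'
    ls -dl "$dir" | logdir_findings | sed 's/^/logdir: /'
}
```

Calling `triage_logdir` with no arguments prints nothing when inode usage is below the threshold and the directory matches the expected owner and mode.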