[CentOS] mysterious weekly shutdown

Mon Apr 12 17:43:37 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Frank wrote:
> On Mon, 2010-04-12 at 13:19 -0400, m.roth at 5-cent.us wrote:
>> This - I wonder if someone's somehow getting in. Anything in
>> /var/log/secure for 12:43?
> Apr  9 18:13:46 answeringmachine gdm[2965]: pam_unix(gdm:session):
> session opened for user freeads by (uid=0)
> Apr 10 12:43:49 answeringmachine gdm[2965]: pam_unix(gdm:session):
> session closed for user freeads
> Apr 10 12:43:53 answeringmachine sshd[2516]: Received signal 15;
> terminating.
> Apr 10 12:43:53 answeringmachine runuser: pam_unix(runuser:session):
> session opened for user frankcox by (uid=0)
> Apr 10 12:43:53 answeringmachine runuser: pam_unix(runuser:session):
> session closed for user frankcox

*This, I don't understand. Either freeads or frankcox shut the system
down, it looks like to me. Could your account have been compromised?

> Apr 12 09:53:49 answeringmachine sshd[2518]: Server listening on :: port
> 22.
>> Here's a thought: does it have bluetooth enabled? Is it in range to
>> talk to someone *else's* bluetooth keyboard? Is anyone near enough to
>> shut down their machine, and/or accidentally yours?
> There is no bluetooth or wireless anything on this, other than a
> wireless mouse.  Everything else is hard-wired.
>> Is this machine hardwired? If so, you do NOT need the avahi-daemon, on
>> by default, which is intended for a clueless home user to set up a
>> network. Turn it *off*, and yank the firewall rule that allows it.
> Interesting.  I never realized (or thought about) that. I shall do a
> bunch of turning-off of avahi-daemon on these machines.

Yes. Turn them *all* off. Actually, in a server room, you could having
other, obscure problems, as wireless tries to connect.