Frank wrote: > > On Mon, 2010-04-12 at 13:19 -0400, m.roth at 5-cent.us wrote: >> This - I wonder if someone's somehow getting in. Anything in >> /var/log/secure for 12:43? > > Apr 9 18:13:46 answeringmachine gdm[2965]: pam_unix(gdm:session): > session opened for user freeads by (uid=0) > Apr 10 12:43:49 answeringmachine gdm[2965]: pam_unix(gdm:session): > session closed for user freeads > Apr 10 12:43:53 answeringmachine sshd[2516]: Received signal 15; > terminating. > Apr 10 12:43:53 answeringmachine runuser: pam_unix(runuser:session): > session opened for user frankcox by (uid=0) > Apr 10 12:43:53 answeringmachine runuser: pam_unix(runuser:session): > session closed for user frankcox *This, I don't understand. Either freeads or frankcox shut the system down, it looks like to me. Could your account have been compromised? > Apr 12 09:53:49 answeringmachine sshd[2518]: Server listening on :: port > 22. > >> Here's a thought: does it have bluetooth enabled? Is it in range to >> talk to someone *else's* bluetooth keyboard? Is anyone near enough to >> shut down their machine, and/or accidentally yours? > > There is no bluetooth or wireless anything on this, other than a > wireless mouse. Everything else is hard-wired. > >> Is this machine hardwired? If so, you do NOT need the avahi-daemon, on >> by default, which is intended for a clueless home user to set up a >> network. Turn it *off*, and yank the firewall rule that allows it. > > Interesting. I never realized (or thought about) that. I shall do a > bunch of turning-off of avahi-daemon on these machines. Yes. Turn them *all* off. Actually, in a server room, you could having other, obscure problems, as wireless tries to connect. mark