|> Given that the directory isn't being rotated, is contantly growing,
|> neither "keysmoop" nor "keysmoops" returns any hits on Google, and
|> that "smoop" looks suspiciously like "snoop"..
Forgive me; I mis-typed. The directory is actually `ksymoops' and it's
obviously not the result of a security breach.
According to kernelnotes.org, ksymoops is a program to:
Read a kernel Oops file and make the best stab at converting the code to
instructions and mapping stack values to kernel symbols.
At www.us.kernel.org we are told:
ksymoops - decode Linux kernel Oops messages. Also handles spinlock
and showPc diagnostics.
When you poke around a bit more (in the man page for insmod for
example), you discover that to overcome certain problems with
debugging kernel oops:
if directory /var/log/ksy-
moops exists then insmod and rmmod will automatically copy
/proc/ksyms and /proc/modules to /var/log/ksymoops with a
prefix of `date +%Y%m%d%H%M%S`. The system administrator
can tell ksymoops which snapshot files to use when debug-
ging an Oops. There is no switch to disable this auto-
matic copy, if you do not want it to occur, do not create
/var/log/ksymoops. If that directory exists, it should be
owned by root and be mode 644 or 600 and you should run
this script every day or so. The script below is
installed as insmod_clean_ksymoops.
Which all makes a kind of sense.
Except that I didn't create /var/log/ksymoops (I wouldn't have known
how to or why to; I had never heard of ksymoops before I noticed the
existence of the log files); it must have been created automatically
in the upgrade process from slink to frozen.
But that seems wrong, given how hard and time-consuming it turned out
to be to find out what the files were and what they are for; in the
meantime, the directory just kept growing and growing with eight new
files added each minute or so:
. . .
. . .
. . .
-rw-r--r-- 1 root root 1842 May 24 21:58 20000524215811.modules
-rw-r--r-- 1 root root 70151 May 24 21:58 20000524215812.ksyms
-rw-r--r-- 1 root root 2671 May 24 21:58 20000524215812.modules
-rw-r--r-- 1 root root 74557 May 24 21:58 20000524215813.ksyms
-rw-r--r-- 1 root root 3285 May 24 21:58 20000524215813.modules
-rw-r--r-- 1 root root 75002 May 24 21:58 20000524215814.ksyms
-rw-r--r-- 1 root root 3369 May 24 21:58 20000524215814.modules
-rw-r--r-- 1 root root 72660 May 24 21:59 20000524215956.ksyms
-rw-r--r-- 1 root root 2681 May 24 21:59 20000524215956.modules
-rw-r--r-- 1 root root 68075 May 24 21:59 20000524215957.ksyms
-rw-r--r-- 1 root root 2129 May 24 21:59 20000524215957.modules
-rw-r--r-- 1 root root 55266 May 24 21:59 20000524215958.ksyms
-rw-r--r-- 1 root root 1501 May 24 21:59 20000524215958.modules
-rw-r--r-- 1 root root 39156 May 24 22:00 20000524215959.ksyms
-rw-r--r-- 1 root root 650 May 24 22:00 20000524215959.modules
-rw-r--r-- 1 root root 22109 May 24 22:00 20000524220000.ksyms
-rw-r--r-- 1 root root 108 May 24 22:00 20000524220000.modules
-rw-r--r-- 1 root root 35488 May 24 22:00 20000524220014.ksyms
-rw-r--r-- 1 root root 408 May 24 22:00 20000524220014.modules
Oh well---another Linux learning experience, I suppose.
Jim
