Hi Guys, Today returned home from work, saw that instead of X on my laptop virtual console is opened. That pretty amused me, -- almost never shutdown my laptop if it stays home. Looking into last command output I saw that a reboot happened around 11:29 Apr 28:
__ sevenfou pts/1 :0 Mon Apr 28 19:23 - down (00:31) sevenfou pts/0 :0 Mon Apr 28 19:21 - down (00:32) root tty3 Mon Apr 28 19:21 - 19:30 (00:08) sevenfou pts/0 XXXXXXXXXXXXX Mon Apr 28 15:56 - 16:38 (00:41) reboot system boot 3.13-1-amd64 Mon Apr 28 11:29 - 19:54 (08:24) sevenfou pts/9 :0 Sun Apr 27 10:31 - 16:50 (06:18) sevenfou pts/9 :0 Sun Apr 27 01:26 - 01:36 (00:10) __ here is /var/log/syslog: __ Apr 28 11:25:01 lefrat /USR/SBIN/CRON[28141]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) Apr 28 11:25:16 lefrat kernel: [306970.108480] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=43730 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:25:16 lefrat kernel: [306970.109093] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=43731 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:25:16 lefrat kernel: [306970.109670] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=43732 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:27:01 lefrat /USR/SBIN/CRON[30771]: (root) CMD (/usr/local/sbin/batlow) Apr 28 11:29:37 lefrat rsyslogd: [origin software="rsyslogd" swVersion="7.6.3" x-pid="2239" x-info="http://www.rsyslog.com";] start Apr 28 11:29:37 lefrat kernel: [ 0.000000] Initializing cgroup subsys cpuset Apr 28 11:29:37 lefrat kernel: [ 0.000000] Initializing cgroup subsys cpu Apr 28 11:29:37 lefrat kernel: [ 0.000000] Initializing cgroup subsys cpuacct Apr 28 11:29:37 lefrat kernel: [ 0.000000] Linux version 3.13-1-amd64 (debian-ker...@lists.debian.org) (gcc version 4.8.2 (Debian 4.8.2-16) ) #1 SMP Debian 3.13.10-1 (2014-04-15) Apr 28 11:29:37 lefrat kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.13-1-amd64 root=/dev/sda1 ro Apr 28 11:29:37 lefrat kernel: [ 0.000000] Disabled fast string operations Apr 28 11:29:37 lefrat kernel: [ 0.000000] e820: BIOS-provided physical RAM map: __ /var/log/debug: __ Apr 28 11:25:16 lefrat kernel: [306970.108480] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TO S=0x00 PREC=0x00 TTL=50 ID=43730 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:25:16 lefrat kernel: [306970.109093] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TO S=0x00 PREC=0x00 TTL=50 ID=43731 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:25:16 lefrat kernel: [306970.109670] iptables denied: IN=wlan1 OUT= MAC=e0:94:67:0c:20:2c:54:04:a6:e8:1d:a4:08:00 SRC=173.194.39.132 DST=192.168.1.218 LEN=40 TO S=0x00 PREC=0x00 TTL=50 ID=43732 PROTO=TCP SPT=443 DPT=60021 WINDOW=0 RES=0x00 RST URGP=0 Apr 28 11:29:37 lefrat kernel: [ 0.000000] DMI: LENOVO 4286CTO/4286CTO, BIOS 8DET69WW (1.39 ) 07/18/2013 Apr 28 11:29:37 lefrat kernel: [ 0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved Apr 28 11:29:37 lefrat kernel: [ 0.000000] e820: remove [mem 0x000a0000-0x000fffff] usable Apr 28 11:29:37 lefrat kernel: [ 0.000000] MTRR default type: uncachable Apr 28 11:29:37 lefrat kernel: [ 0.000000] MTRR fixed ranges enabled: Apr 28 11:29:37 lefrat kernel: [ 0.000000] 00000-9FFFF write-back Apr 28 11:29:37 lefrat kernel: [ 0.000000] A0000-BFFFF uncachable Apr 28 11:29:37 lefrat kernel: [ 0.000000] C0000-FFFFF write-protect Apr 28 11:29:37 lefrat kernel: [ 0.000000] MTRR variable ranges enabled: __ /var/log/auth.log: __ Apr 28 11:25:01 lefrat CRON[28140]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 28 11:25:01 lefrat CRON[28140]: pam_unix(cron:session): session closed for user root Apr 28 11:27:01 lefrat CRON[30770]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 28 11:27:01 lefrat CRON[30770]: pam_unix(cron:session): session closed for user root Apr 28 11:29:38 lefrat sshd[2527]: Server listening on 0.0.0.0 port xxxxx. Apr 28 11:30:03 lefrat CRON[2635]: pam_unix(cron:session): session opened for user sevenfourk by (uid=0) Apr 28 11:30:03 lefrat CRON[2633]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 28 11:30:03 lefrat CRON[2634]: pam_unix(cron:session): session opened for user sevenfourk by (uid=0) Apr 28 11:30:03 lefrat CRON[2633]: pam_unix(cron:session): session closed for user root __ Also there was no any power losses for sure: __ Apr 28 11:18:01 /usr/local/sbin/batlow: Battery: Normal: 99% Apr 28 11:21:01 /usr/local/sbin/batlow: Battery: Normal: 99% Apr 28 11:24:01 /usr/local/sbin/batlow: Battery: Normal: 99% Apr 28 11:27:01 /usr/local/sbin/batlow: Battery: Normal: 99% Apr 28 11:30:03 /usr/local/sbin/batlow: Battery: Normal: 99% Apr 28 11:33:01 /usr/local/sbin/batlow: Battery: Normal: 99% __ Very strange, hopefully I'm not paranoid. No one was at home at that time. Maybe I'm missing something, maybe another log to check. I would be glad if someone shares some thoughts on looking into details on reboot info. Thanks, Ivan.
signature.asc
Description: Digital signature
