On Thu, 11 Jan 2001, Micah Yoder wrote:
> Weird happenings starting last week...
>
> /var/log/messages has no entries since jan 5. Permission is 600, so it
> should be writable.
>
> the 'userhelper' program's suid bit was taken away so I could no longer
> halt the system as a user. I fixed that.
>
> the 'man' program's sgid bit was unset so i couldn't view man pages.
> fixed that.
>
> I just realized while trying to start NFS that the file
> /etc/rc.d/init.d/nfs doesn't exist! nfslock does.
>
> When logging in on console, it prints a PAM message saying if the login
> succeeded or failed. That didn't used to happen.
>
> the wtmp file seems to not be messed with.
>
> A day or so before it started happening i was messing with network
> settings. But I think everything was normal for at least a day after
> that.
>
> What do you think? maybe cable modems aren't all they're cracked up to
> be.
>
> I am running a stock RH 6.2. I don't think I've even applied any
> patches.
>
> Thanks...
>
>
Well, if you are on a cable modem, and you haven't installed the latest
updates, then if you haven't been cracked, you will be! I would also
sugest using ipchains to set up a firewall, if you haven't already.
Now, for you logs. First run "/etc/rc.d/init.d/syslog status" and see
what if the system things syslogd and klogd are running. Then run
"/etc/rc.d/init.d/syslog restart" to get your logs going again. This
should also give you some of the log messages you missed.
After this, do a lot more checking to see if anything has changed.
"rpm -Va | less" or "rpm -Va > /tmp/changed.list" is a good first step.
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
