Re: DD machine mysterious reboot
On Sun, October 29, 2006 16:08, Adam C Powell IV wrote:
> Greetings,
>
>
> One of my machines mysteriously rebooted yesterday at 7:42 AM without
> any prompting. It could not have been a power outage; tried pulling the
> plug and it does not come back up automatically when plugged back. And I
> don't have automatic security upgrades on the machine (not sure if those
> trigger a reboot).
>
> There's nothing especially suspicious in the logs, just a bunch of
> user/password guesses via ssh, which is port forwarded from a separate
> firewall/router, and is the only externally open port on that
> firewall/router. /var/log/messages has --MARK-- entries right up to 7:20,
> a syslog restart at 7:35 (per cron, as usual), then another syslog restart
> and booting messages starting at 7:42.
Did you do a 'last | head'. Harder to erase entries (not impossible).
You can deter the crack attempts by putting SSH on a different port. Most
scanners don't go up too high. For example, you could put the port at
22222 (don't use that one, just an example). With your router, simply set
some high port to forward to your machine at the normal 22. For machines
on the net, just change the port in /etc/ssh/sshd_conf, I think.
> I guess I'm wondering: how concerned should I be? Can you think of
> other reasons the machine might have auto-rebooted? It appears to have
> happened right after the morning cron exercises; do any common cron jobs
> reboot the machine? I'd like to avoid a reinstall if possible, but if I
> can't come up with an explanation other than a break-in, I'll have to bite
> the bullet and do it. :-(
I'd be pretty concerned. It might not be a software issue. I have had
something similar when I used lower quality hardware on one machine. Logs
showed nothing, just the reboot happening. I don't remember the specific
machine (I got rid of it), but if I remember right it was either a
motherboard or memory issue.
Reply to: