Re: Security: system reboot?
On Mon, Jan 20, 2003 at 11:11:00AM +0100, DEFFONTAINES Vincent wrote:
> If you find nothing in logs, possibly someone pressed CTRL ALT DEL?
> This happens often when people think they log in on a windoze NT box and
> press those keys without watching the screen.
> You can prevent that by editing /etc/inittab (comment the ctrlaltdel line)
> then "kill -1 1"
Because on Sunday there was nobody in the office. So the chance of CTRL
ALT DEL can be excluded.
>
> If you cannot find why your system rebooted, worry about it ; it might
> reveal a serious security compromission.
> You should check your system binaries with md5sum against a system you know
> is clean.
> And if I were you, I wouldn't give up until I find why the system rebooted,
> or I would reinstall it and (re)secure it.
I checked all the log files in /var/log. There is nothing strange in
these files. Before the strange rebooting, there were only three
services, ssh, smtp, and printer. The system "should" be secure.
At that time when rebooting, I was using scp, copying files from the woody
box. I got an "stall" message at the client machine because of the reboot
of server.
By the way, what is the best way to gather information about system
reboot? I am not willing to believe the system is compromised but I have
to make sure it is not. Thanks a lot.
Qian
Reply to: