[UFO Chicago] Sad crashing of Linux server

Jesse Becker jesse_becker@yahoo.com
Fri, 2 Aug 2002 11:27:56 -0700 (PDT)


--- Ian Bicking <ianb@colorstudy.com> wrote:
> I don't know why this is happening.  It's very sad.  I
> haven't found
> anything in the logs, but I'm not sure exactly where to
> look.

So, you've already had it rebooted once?  

I'd check the /etc/syslog.conf to see where logs are
getting written, then start checking those logs.  Other
things that do not make use of syslog, like apache, should
also get checked.  This may help you figure out when the
problems started.

Check /etc/passwd for bogus accounts, and run tripwire or
AIDE if you have it.  I don't know if debian lets you
verify packages like rpm does, but I'd check those as well
if you can.

Check the output from 'last', and the timestamp on various
files like /etc/passwd.  Look for supicious daemons running
with netstat and lsof (but check to make sure those
binaries haven't been compromised first!).

Have you installed new hardware recently?  Could hardware
be going bad?

--Jesse

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com