 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Firstly when I run top I get an error:
>
> bad data in /var/run/utmp
>
> and xterm kind of dies i.e. anything typed doesnt show up but gets
> executed
First advice is to know the existence of "stty sane" and "reset";
these kinds of errors tend to be fixed by one or the other, though you
might end up with some subtle terminal weirdness after executing them.
> I've tried replacing the utmp file by deleting/touching it and this works
> for awhile before dying again.
>
> The other problem I have is with last. When I do a last I get:
>
> ***** ssweeneygrenada. Wed Dec 31 19:00 - 19:00 (00:00)
> ***** * Wed Dec 31 19:00 - 19:00 (00:00)
> ***** * Wed Dec 31 19:00 - 19:00 (00:00)
> *y bryanlt.travelon Wed Dec 31 19:00 - 19:00 (00:00)
> Zp Wed Dec 31 19:00 - 19:00 (00:00)
> ]p D*** Wed Dec 31 19:00 still logged in
> *n bT*7jdow Wed Dec 31 19:00 still logged in
> **{7 Wed Dec 31 19:00 - 19:00 (00:00)
> **{7D*** * Wed Dec 31 19:00 - 19:00 (00:00)
> 1 travelon***** Wed Dec 31 19:00 - 19:00 (00:00)
> 2 root Wed Dec 31 19:00 - 19:00 (00:00)
> 2 Wed Dec 31 19:00 - 19:00 (00:00)
>
> wtmp begins Wed Dec 31 19:00:00 1969
>
> With these problems Ive noticed that nothing is being logged to
> /var/log/secure
>
> Any insight on this would be greatly appreciated.
Hmmmm... lots of problems could cause this kind of corruption.
(1) libc (which contains the utmp procedures) or a root program that
modifies utmp directly could be trashing a utmp with a different
format. I'm still not sure of the relationship between utmp and
lastlog, so that doesn't help.
(2) File system corruption in general. Reboot into single user mode,
remount all filesystems read-only (mount -o remount -r <mount point>
for all such mount points), and then run fsck on each partition
manually, with -c if you want to do a bad block scan (which probably
wouldn't hurt at this point). Bad block scans can exacerbate the
problems caused by a head-crash, but once the head crashes, you're SOL
anyway because the drive will just get worse and worse over time.
(3) Intruder? Someone could be trashing lastlog and utmp to hide
their intrusion. Of course, this probably isn't the case if you
aren't on a network.
If you are on a network, a few things I'd like to see are your process
list (to see which daemons are running) and a list of the versions of
the daemons you're running. Regardless, it would also be helpful to
know which version of libc (ls -l /lib/libc*) and which
distribution/release you're running.
Kyle
- --
Kyle R. Rose "They can try to bind our arms,
Laboratory for Computer Science But they cannot chain our minds
MIT NE43-309, 617-253-5883 or hearts..."
http://web.mit.edu/krr/www/ Stratovarius
krose at theory.lcs.mit.edu Forever Free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE3ih2+66jzSko6g9wRAnnzAJ9xvJTqcxtWcJvD7PkeWdKBpvh2owCg3RoG
KJ+zOqTJGM49lTSzxHst80E=
=oM9k
-----END PGP SIGNATURE-----
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
