| View previous topic :: View next topic |
| Author |
Message |
toralf
Developer
Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
|
 Posted: Tue Dec 29, 2015 10:27 am Post subject: suspicious init entries in syslog |
 |
|
I do wonder about these entries in my syslog at my server : | Code: | Dec 28 15:46:17 tor-relay init[1]: Trying to re-exec init
Dec 28 15:46:17 tor-relay init[1]: no more processes left in this runlevel
|
Any hints ? |
|
| Back to top |
|
 |
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Dec 29, 2015 11:47 am Post subject: |
|
|
toralf ...
did you happen to have updated glibc during this timeframe?
| Code: | | # qlop -Cl | egrep '^(Sun|Mon) Dec 2(7|8).*2015' |
... or perhaps some other package update, sys-apps/sysvinit for instance, that might call 'telinit u'?
best ... khay |
|
| Back to top |
|
|
toralf
Developer
Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
|
| Posted: Tue Dec 29, 2015 2:14 pm Post subject: |
|
|
Hhnm, it started around 11th : | Code: | tor-relay ~ # zgrep 'init\[' /var/log/messages* | cut -f2- -d':' | sort
Dec 11 12:23:47 tor-relay init[1]: no more processes left in this runlevel
Dec 11 12:23:47 tor-relay init[1]: Trying to re-exec init
Dec 12 20:05:03 tor-relay init[1]: Switching to runlevel: 6
Dec 12 20:07:34 tor-relay init[1]: no more processes left in this runlevel
Dec 14 18:38:57 tor-relay init[1]: no more processes left in this runlevel
Dec 14 18:38:57 tor-relay init[1]: Trying to re-exec init
Dec 15 16:45:36 tor-relay init[1]: no more processes left in this runlevel
Dec 15 16:45:36 tor-relay init[1]: Trying to re-exec init
|
and the only upgrade there were to net-misc/tor-0.2.7.6 |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Dec 29, 2015 2:51 pm Post subject: |
|
|
toralf ...
ok, on the basis of frequency, and the lack of pattern to date/time, I'd be suspicious. What comes prior to those date/times in the log?
best ... khay |
|
| Back to top |
|
|
toralf
Developer
Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
|
| Posted: Tue Dec 29, 2015 3:15 pm Post subject: |
|
|
| khayyam wrote: | toralf ...
ok, on the basis of frequency, and the lack of pattern to date/time, I'd be suspicious. What comes prior to those date/times in the log?
best ... khay |
No picture AFAICS, | Code: | | zgrep -B 4 -A 4 'init\[' /var/log/messages* | cut -f2- -d':' | wgetpaste |
is in https://bpaste.net/show/309860c7b9aa |
|
| Back to top |
|
|
Anon-E-moose
Watchman
Joined: 23 May 2008
Posts: 6219
Location: Dallas area
|
| Posted: Tue Dec 29, 2015 3:36 pm Post subject: |
|
|
I would roll back tor and see if the problem goes away.
and are you running systemd or something that would automatically respawn tor?
_________________
UM780, 6.12 zen kernel, gcc 13, openrc, wayland |
|
| Back to top |
|
|
toralf
Developer
Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
|
| Posted: Tue Dec 29, 2015 5:20 pm Post subject: |
|
|
| Oh no, I do not run nor I do plan to run systemd on my server. |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Dec 29, 2015 10:19 pm Post subject: |
|
|
| toralf wrote: | | khayyam wrote: | | on the basis of frequency, and the lack of pattern to date/time, I'd be suspicious. What comes prior to those date/times in the log? |
No picture AFAICS |
toralf ... I see a picture, they all occur after cron.hourly/0anacron. Cron is running a number of log-check, sysstat, auditd, and build processes/scripts any of which may be triggering a 'telinit u'.
best ... khay |
|
| Back to top |
|
|
|
Networking & Security
