On Tue, 19 Sep 2000, Kerry Miller wrote:

> Ok, I've taken several of your suggestions about looking at this hacked 
> server.  Somehow, they've turned off the logging and there are no entries 
> in anything under /var/log where you would normally check out the logs. 
>  How can I restart the logging?  I saw syslog in the rc3.d directory but 
> haven't gotten past that yet.  It looks like they are using his database 
> server as a porn web server, and it's getting a LOT of use!
> 
> Also, I'll have to plead guilty for 2 things yesterday:
> 1.  Asking a question which was answered earlier
> 2.  Posting to the list with a blank subject line
> 
> I'll start my penance now...  I forgot I was on the digest and it didn't 
> put the subject line up there for me.  In the meantime, can this stupid 
> hacked server be my good deed for the day?
> 
> Thanks for the help, if you can tell me how to get the logging back I'll 
> see if we can catch this sucker.  Whoever set up the machine left the 
> hosts.allow and hosts.deny files empty and every service in the world is 
> running whether they need it or not.
> 
> Thanks,
> Kerry
> 
> 
Try /etc/rc.d/init.d/syslog restart - this should start logging going
again.  One way to stop logging is to delete the log files without
restarting syslog.  Syslog will still be writing to the old files, and
as long as the files are not closed, they are still on the drive, but
the only links to them are the open file descriptors, making it very
hard to access them!  Restarting syslog will close the log files, and
open new ones.  The space the old files are taking on the file system
will be freed at the same time.  If you are really daring, you can try
and recover the data in the log files before restarting syslog...

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.



_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
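
The recovery step mentioned in the reply above (getting the data out of deleted log files before syslog is restarted), as an added example that is not part of the original message. It assumes a Linux host with /proc mounted and enough privilege to read the daemon's descriptors; the function names, `pidof` lookup and output directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with /proc mounted
# and enough privilege (normally root) to read the daemon's /proc/PID/fd.

SUFFIX=' (deleted)'   # the kernel appends this to the link target of an unlinked file

# list_deleted_fds PID
# Print "FD<TAB>original path" for each descriptor of PID whose file was unlinked.
list_deleted_fds() {
    for link in /proc/"$1"/fd/*; do
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            *"$SUFFIX") printf '%s\t%s\n' "${link##*/}" "${target%"$SUFFIX"}" ;;
        esac
    done
}

# recover_deleted_fds PID OUTDIR
# Copy each unlinked-but-open file out through /proc before the daemon is
# restarted. Prints the path of every copy it wrote.
recover_deleted_fds() {
    mkdir -p "$2" || return 1
    list_deleted_fds "$1" | while IFS="$(printf '\t')" read -r fd path; do
        out="$2/fd${fd}_${path##*/}"
        if cat "/proc/$1/fd/$fd" > "$out" 2>/dev/null; then
            printf '%s\n' "$out"
        else
            echo "could not read fd $fd ($path)" >&2
        fi
    done
}

# Typical use on the affected host (pidof and the output directory are assumptions):
#   list_deleted_fds "$(pidof syslogd)"
#   recover_deleted_fds "$(pidof syslogd)" /mnt/evidence/syslog
```

Write the copies to a different filesystem than the one holding the deleted logs, and restart syslog only after the copies are verified, since the restart closes the descriptors and releases the blocks.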