[GLLUG] Any ideas? (Fw: exim paniclog on ladon has non-zero size)
Ed Thomson
ethomson at edwardthomson.com
Wed Jun 13 12:40:38 EDT 2007
On Jun 13, 2007, at 10:39 AM, Benjamin Cathey wrote:
>
> You know, I read somewhere in a linux magazine a year or so ago
> about this happening to someone. Seems to have changed the file.
> Wonder how it got removed initially?
It could be a programatic error. Some program or shell script
removing an output file or log file. (Maybe something is configured
to dump to /dev/null because nobody cares about the output, but the
program does something stupid to rotate or truncate its log file -
unlinking the file and creating a new one at the same path.)
It could be that somebody just mistyped something as root. ("rm foo /
dev/null" instead of "rm foo > /dev/null").
It could be something more malicious - it might be worth your while
to run chkrootkit. (When Bizarre Things happen on production
servers, I tend to get a bit paranoid.)
> Here is the output now:
>
> ladon:~# ls -Flasd /dev /dev/null
> 28 drwxr-xr-x 12 root root 28672 2007-06-13 11:38 /dev/
> 0 crw-rw-rw- 1 root root 1, 3 2007-06-13 11:38 /dev/null
> ladon:~#
Looks good to me.
-Ed
More information about the linux-user
mailing list