I've never heard anything like that before on a Linux machine. I know that I have experienced self reboots on Windows machines due to hardware problems (like busted memory or overheating CPU) but I would imagine that the Linux kernel would panic instead of rebooting your machine... but then again it's hard to predict what might happen during hardware failure/malfunction.

Check all your power leads, make sure there aren't any that are only just hanging in the socket or anything which might cause momentary power loss for that single machine.

As for checking your logs, I think the best place to start is /var/log/syslog and /var/log/messages. It's hard to tell you what to look for, but the obvious things to look for would be failed login attempts... this would indicate someone has been trying to break in. Look for daemons/services crashing unexpectedly, because this might indicate someone is exploiting your services with a DOS attack. Also, one of those log files should confirm if your machine really did reboot. Look for lines which indicate the system is going down for a reboot. Also check /var/log/security.log because this file should indicate if there have been any changes to important files, which might indicate if a root kit has been installed.

As a security tip I suggest you turn off all your services including SSH unless you really need it, and set your firewall to drop incoming ICMP packets from your INTERNET interface, because this will make your machine seem more invisible since people will receive no ping response from your machine, therefore they may think there is no machine on that IP. This doesn't mean your INTERNET sharing won't work as well.

If you do HAVE to run certain services, try to configure them in a way where they do not return information which would reveal your type of system. Services like Apache web server often send back information detailing the version of Apache that is running and the O/S, which people can use to run specific exploits on your system. Apache can be configured to avoid sending this information.

And if you can, try to limit the access to these services. If only a small amount of people access these services, try to limit the access to a specific domain or IP by reconfiguring your services. This will reduce the possibility of an outside attack.

Hope this info helps.

On Thu, 2002-11-07 at 09:13, Nikolai Razouvayev wrote:
> Hi everybody, a quick question:
> This morning I walked into my home office and my gateway machine (Mandrake
> 9.0) was looking at me with the login screen. I didn't shut it down last
> night, it runs all the time allowing my other machine to get online. The
> other machine (also Mandrake 9) was running fine so it wasn't power outage
> during the night.
>
> I'm not very experienced with Linux. Do I need to check some logs and if I
> need to, which ones and what should I be looking for in the logs?
>
> Thanks
> Nikolai
>
> PS - the gateway machine, the one facing the Internet, is reasonably
> protected, it appears to be invisible (almost, port 80 is closed as opposed
> to being blocked) when scanned so it's not like I'm asking everybody to come
> in and shut down my puter..
> --
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
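
Added example, not part of the original message: a small triage pass over a syslog-style file that tells a commanded reboot (a shutdown line precedes the boot banner) from an unexpected one (no shutdown line, as with power loss or a crash) and counts failed logins per source address. The log lines are constructed, the function name `triage` is hypothetical, and the message patterns (sysvinit `shutdown`, sysklogd, OpenSSH) are assumptions that vary by distribution.

```python
import re
from collections import Counter

# Constructed sample in classic syslog format; real message text varies by distro.
SAMPLE_LOG = """\
Nov  6 23:10:02 gw sshd[812]: Failed password for root from 203.0.113.5 port 4021 ssh2
Nov  6 23:10:05 gw sshd[812]: Failed password for root from 203.0.113.5 port 4022 ssh2
Nov  6 23:40:11 gw sshd[840]: Failed password for admin from 198.51.100.7 port 5110 ssh2
Nov  7 03:12:44 gw kernel: Linux version 2.4.19 (constructed boot banner)
Nov  7 03:12:45 gw syslogd 1.4.1: restart.
Nov  7 08:00:00 gw shutdown: shutting down for system reboot
Nov  7 08:00:03 gw syslogd: exiting on signal 15
Nov  7 08:01:10 gw kernel: Linux version 2.4.19 (constructed boot banner)
"""

# Assumed patterns. "syslogd ... restart" is deliberately not a boot marker,
# because log rotation can also trigger it.
BOOT = re.compile(r"kernel: Linux version ")
SHUTDOWN = re.compile(r"shutting down for system (?:reboot|halt)|exiting on signal 15")
FAILED = re.compile(r"Failed password for (?:invalid user |illegal user )?\S+ from (\S+)")

def triage(text):
    """Classify each boot and count failed logins per source address."""
    boots, failed = [], Counter()
    shutdown_seen = running_seen = False
    for line in text.splitlines():
        if BOOT.search(line):
            if shutdown_seen:
                kind = "clean"        # shutdown was logged before this boot
            elif running_seen:
                kind = "unexpected"   # system was logging, then booted with no shutdown
            else:
                kind = "unknown"      # log starts at this boot (rotated or truncated)
            boots.append((line[:15], kind))   # first 15 chars are the syslog timestamp
            shutdown_seen = False
        elif SHUTDOWN.search(line):
            shutdown_seen = True
        else:
            m = FAILED.search(line)
            if m:
                failed[m.group(1)] += 1
        running_seen = True
    return {"boots": boots, "failed_logins": failed}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for stamp, kind in report["boots"]:
        print(f"{stamp}  boot: {kind}")
    for addr, count in report["failed_logins"].most_common():
        print(f"{count:3d} failed logins from {addr}")
```

An "unexpected" boot only says no shutdown was logged; it does not by itself distinguish a hardware fault from a power glitch.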