rsyslogd errors (new?) in Xubuntu 16.04.1 LTS
Gene Heskett
gheskett at shentel.net
Sat Aug 27 20:41:36 UTC 2016
On Saturday 27 August 2016 16:15:55 MR ZenWiz wrote:
> I just had an odd occurrence - I turned off my monitor to get some
> sleep, but when I powered it back on, there was no video signal. I
> rebooted and looked into the log, and there are a slew of rsyslogd
> errors:
>
> Aug 27 13:03:55 marbase rsyslogd: [origin software="rsyslogd"
> swVersion="8.16.0" x-pid="3009" x-info="http://www.rsyslog.com"] start
> Aug 27 13:03:54 marbase rsyslogd-2222: command
> 'KLogPermitNonKernelFacility' is currently not permitted - did you
> already set it via a RainerScript command (v6+ config)? [v8.16.0 try
> http://www.rsyslog.com/e/2222 ]
> Aug 27 13:03:55 marbase rsyslogd: rsyslogd's groupid changed to 104
> Aug 27 13:03:55 marbase rsyslogd: rsyslogd's userid changed to 101
> Aug 27 13:03:55 marbase rsyslogd-2039: Could not open output pipe
> '/dev/xconsole':: No such file or directory [v8.16.0 try
> http://www.rsyslog.com/e/2039 ]
> Aug 27 13:03:55 marbase rsyslogd-2007: action 'action 10' suspended,
> next retry is Sat Aug 27 13:04:25 2016 [v8.16.0 try
> http://www.rsyslog.com/e/2007 ]
>
> I checked the URLs, and it appears that this version of rsyslogd is
> old. Or am I way off base here?
>
> Thanks.
> MR

That to me has fingerprints of an attack all over it, or possibly some
bad memory. How or why for, no clue.

I would reboot to memtest86 and let it run a day, fix any memory errors
it finds, then re-install from at least a 2 day old backup, or possibly
even fresh from the dvd. In either event, the first thing to do is
bring it up to date with all the fixes since the install dvd was
composed.

You do have a smart router between you and the net I assume, and your
local address is someplace in the 192.168.xx.xx address space I hope.
That stops 99.99999% of the black hats dead in their tracks unless you
have a server exposed to the internet.

I define a smart router as one that has been reflashed with dd-wrt.
There are others of a similar nature. No one I didn't give the username
and pw to for root access has ever come thru it in over a decade of
running it on various hardware.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
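
Added example, not part of the original thread: a Python triage of the rsyslogd self-diagnostic lines quoted above. It groups them by error code, records the uid/gid rsyslogd changed to, and pairs the suspended action with the error logged just before it. The function names and the pairing heuristic are assumptions of this example.

```python
import re

# Log lines copied from the quoted message above, with the e-mail line wrapping undone.
SAMPLE = """\
Aug 27 13:03:55 marbase rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="3009" x-info="http://www.rsyslog.com"] start
Aug 27 13:03:54 marbase rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Aug 27 13:03:55 marbase rsyslogd: rsyslogd's groupid changed to 104
Aug 27 13:03:55 marbase rsyslogd: rsyslogd's userid changed to 101
Aug 27 13:03:55 marbase rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Aug 27 13:03:55 marbase rsyslogd-2007: action 'action 10' suspended, next retry is Sat Aug 27 13:04:25 2016 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
"""
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) rsyslogd(?:-(\d+))?: (.*)$")
TRAILER = re.compile(r"\s*\[v[\d.]+ try (\S+) \]$")  # "[v8.16.0 try <url> ]" suffix

def parse(text):
    """Return rsyslogd's own messages as dicts; code is None for informational lines."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a message written by rsyslogd about itself
        ts, host, code, msg = m.groups()
        t = TRAILER.search(msg)
        events.append({"ts": ts, "host": host, "code": code,
                       "msg": msg[:t.start()] if t else msg,
                       "url": t.group(1) if t else None})
    return events

def triage(events):
    """Summarise error codes, the uid/gid change, and what preceded each suspension."""
    out = {"errors": {}, "uid": None, "gid": None, "suspended": []}
    last_error = None
    for ev in events:
        m = re.search(r"rsyslogd's (user|group)id changed to (\d+)", ev["msg"])
        if m:
            out["uid" if m.group(1) == "user" else "gid"] = int(m.group(2))
        if ev["code"] is None:
            continue
        subjects = re.findall(r"'([^']+)'", ev["msg"])  # quoted directive, path or action
        out["errors"].setdefault(ev["code"], []).extend(subjects)
        # Heuristic (assumption of this example): a 2007 "suspended" line is paired
        # with the coded error logged just before it under the same timestamp.
        if ev["code"] == "2007" and last_error and last_error["ts"] == ev["ts"]:
            name = subjects[0] if subjects else None
            out["suspended"].append((name, last_error["code"], last_error["msg"]))
        last_error = ev
    return out

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```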