On Sun, Sep 26, 1999 at 11:39:30AM +0100, Tony Turner wrote: > I got some strange messages on Linux RedHat 5.1 I don't use RedHat but I believe that version is quite old. If you're security conscious you might want to make sure that there are no known vulnerabilities in the versions of the software you're currently running. > SIGHUP received. Attempting to restart. > Server configured. resuming normal operations. > SIGHUP received. Attempting to restart. > > What are these messages - since I got them this morning CGI scripts > won't run. Is that from your httpd / Apache log files? It means that something or someone has signalled the server to stop and restart. If someone has reconfigured Apache they would need to signal it this way to make it notice the changes to the config file. Is there anyone else who is authorised to admin that machine? As to the b0rken CGIs, perhaps a change was made to the config files ages ago that would have affected them, but the server was never restarted; now that someone has restarted it those changes have taken affect. Look at the mtimes on the Apache configs; compare them with old backups. > Also I have a message in the messages log > > syslogd 1.3-3: restart Ditto -- syslogd writes that when it starts up (boot time), or when it is signalled to reload. This may be being done automatically by your system when it wants to rotate the log files (it needs to restart things which have the log files open to stop them from writing to the old, rotated files). Is the time on the syslogd and Apache messages the same? If so, is anything set to run at this time from /etc/crontab, /var/spool/cron/crontabs/*, /etc/cron.d/*, or wherever your crond stores its configs (check the docs on your system to find out where these config files are, they may not be the same as the ones I've mentioned)? > Any ideas - not hacked I hope. By the way anything to do with the fact > I am running Bind 4.9.6. ( A bit iffy on security) I've not had any noticeable problems with bind 8.x, so maybe it's time to think about upgrading. CERT <URL:http://www.cert.org/> have some good guides on the sort of tedious but necessary admin and management tasks you need to think about if you're serious about security. You have to put up with a mild amount of officialese in the writing, though. ;-) -- "Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come." -- Matt Groening - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
