on many systems 4:02 is when the cron.daily jobs are run, so it may be the case that one of the cron jobs did something that resulted in a crash/panic/oops.
netstat -anp will show you all open ports and the name of the process that owns it. grep for the port number in /etc/services or google for it if you don't recognize any. jason On Friday 02 July 2004 09:34, Jason Purdy wrote: > When I came into work today, our (Debian Woody) mail server wasn't > responding (my previous SSH connection was 'hung' and IMAP/POP > connections wouldn't work and pings were not responsive, either) and > I went to the console and plugged in a monitor and it was a black > screen (hitting the space bar or enter key didn't do anything). > > So I had to hit the server's reset key (ugh) ... about 15 minutes > later after the auto fsck, everything looks ok. > > This is a publicly available server, so my main concern is that > someone has r00ted me. I have been keeping up to date on security > patches that Debian puts out. > > I waded through logs (nothing suspicious, though there were several > attempts to do one of those "/SEARCH [long uri]" in its apache > access.log -- it was one of the last entries). In /var/log/messages, > I get a MARK every 20 minutes ... there's a big gap between the last > mark at 3:56am and when I restarted the server at 8:46. In the > mail.log file, the gap starts at 4:08, so that's when I think > something happened (I have a co-worker that POP's his mail every > minute ;)). > > I also ran a 'chkrootkit', but that didn't turn anything up. > > I did a netstat -atu and there are a couple of entries there that I > don't know about: > tcp 0 0 *:32768 *:* LISTEN > udp 0 0 *:821 *:* > udp 0 0 *:1111 *:* > > Is there any way to see what process is tied to those ports? > > Can anyone point me in a direction to figure out what happened? > Random hardware glitch or something else? > > Thanks, > > Jason -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
