Date:      Mon, 6 May 2002 13:41:38 -0500 (CDT)
From:      Jason P Holland <jholland@cs.selu.edu>
To:        Vishwas <vtp@PKI.ecom.tifr.res.in>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: my FreeBSD-4.5 gets rebooted everyday at 3:03am !!
Message-ID:  <Pine.LNX.4.44.0205061338420.31022-100000@cs.selu.edu>
In-Reply-To: <20020507000405.M18456-100000@PKI.ecom.tifr.res.in>


try putting a #!/bin/sh -xv at the top of /etc/security, and re-run it.  
that -xv will give you extremely verbose output from the script (-v echoes
each line as the shell reads it, -x each command as it is executed).  see if
you can figure out exactly where it causes the reboot, which command.  
just from looking at this file, it's very difficult to say what would cause
a problem.

jason

> Hi Jason, 
> 	Your suggestion worked.
> my system gets rebooted when it executes /etc/security file.
> am pasting the file here......
> 
> may be one can tell me the exact cause. I can figure out the runlevel is
> getting set to REBOOT. But where and why ? I don't know.
> 
> 
> --------------/etc/security-------------start-------
> PATH=/sbin:/bin:/usr/bin  # fixed search path for every command the script runs
> LC_ALL=C; export LC_ALL  # C locale for the tools called below
> rc=0  # exit status: raised to 1 when a check reports something, set to 3 when a cp/mv fails
> LOG=/var/log  # directory holding the *.today / *.yesterday snapshots
> TMP=/var/run/_secure.$$  # scratch file named after the shell PID, not created with mktemp; NOTE(review): predictable name, fine only while /var/run is writable by root alone - confirm
> 
> separator () {  # print two empty lines to set one report section apart from the next
>         echo ''
>         echo ''
> }
> 
> catmsgs() {  # write the recently modified rotated messages.* files, then the live messages file, to stdout
>         find $LOG -name 'messages.*' -mtime -2 |
>             sort -t. -r -n +1 -2 |
>             xargs zcat -f  # files arrive sorted numerically, highest rotation suffix first (old +POS key syntax); -f presumably lets uncompressed files pass through - confirm
>         [ -f $LOG/messages ] && cat $LOG/messages  # current log last, if it exists
> }
> 
> sflag=FALSE ignore=  # option state; sflag is set here and by -s but is not read anywhere in the quoted listing
> while getopts ams c
> do
>         case "$c" in
>                 a) ignore="$ignore|^amd:";;  # -a: drop mount lines starting with "amd:" from the mount comparison
>                 m) ignore="$ignore|^mfs:";;  # -m: same for lines starting with "mfs:"
>                 s) sflag=TRUE;;
>         esac
> done
> 
> yesterday=`date -v-1d "+%b %e "`  # yesterday as month name + space-padded day + trailing space; used as a line prefix when grepping the logs
> 
> host=`hostname`  # printed in the section headings
> 
> umask 027  # files created from here on get no permissions for "other" and no write permission for the group
> 
> echo 'Checking setuid files and devices:'
> 
> # Don't have ncheck, but this does the equivalent of the commented out
> block.
> # Note that one of the original problems, the possibility of overrunning
> # the args to ls, is still here...
> # NOTE(review): the bare "block." line above looks like the mail client wrapping the first comment line, not script text.
> MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`  # mount points of ufs filesystems whose mount line lacks " nosuid"
> set ${MP}  # unquoted so the list word-splits into $1, $2, ...; a mount point containing whitespace would be split too, and an empty MP makes "set" list the shell variables instead
> while [ $# -ge 1 ]; do
>         mount=$1
>         shift
>         find $mount -xdev -type f \
>                 \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
>                 \( -perm -u+s -or -perm -g+s \) -print0  # walks the whole filesystem (without crossing mounts) for executable regular files carrying the setuid or setgid bit; NUL-terminated names
> done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}  # long listing, 20 paths per ls call, sorted from the 11th field on (presumably the path - confirm); this is the snapshot for this run
> 
> if [ ! -f ${LOG}/setuid.today ]; then  # no baseline yet: report that and seed one from this run
>         [ $rc -lt 1 ] && rc=1  # raise rc to 1 unless it is already higher
>         separator
>         echo "No ${LOG}/setuid.today"
>         cp ${TMP} ${LOG}/setuid.today || rc=3
> fi
> 
> if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then  # snapshot differs from the baseline: added, removed or changed setuid/setgid entries
>         [ $rc -lt 1 ] && rc=1
>         separator
>         echo "${host} setuid diffs:"
>         diff -w ${LOG}/setuid.today ${TMP}
>         mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3  # keep the old baseline as .yesterday
>         mv ${TMP} ${LOG}/setuid.today || rc=3  # this run becomes the new baseline
> fi
> 
> # Show changes in the way filesystems are mounted
> # (mount -p output, minus the lines selected by -a/-m, compared with the previous run)
> [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat  # ${ignore#|} drops the leading "|" from the pattern list; with no -a/-m the filter is plain cat
> if mount -p | $cmd > $TMP; then  # $cmd is expanded unquoted so that "egrep -v PATTERN" splits into separate words
>         if [ ! -f $LOG/mount.today ]; then  # no baseline yet: report that and seed one
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "No $LOG/mount.today"
>                 cp $TMP $LOG/mount.today || rc=3
>         fi
>         if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then  # mount table differs from the baseline
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "$host changes in mounted filesystems:"
>                 diff -b $LOG/mount.today $TMP
>                 mv $LOG/mount.today $LOG/mount.yesterday || rc=3
>                 mv $TMP $LOG/mount.today || rc=3
>         fi
> fi
> 
> separator
> echo 'Checking for uids of 0:'  # the pipeline below prints every non-comment master.passwd entry whose third field is 0
> n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
>     tee /dev/stderr |
>     sed -e '/^root 0$/d' -e '/^toor 0$/d' |
>     wc -l)  # tee copies all uid-0 names to stderr for the report; n counts only those other than root and toor
> [ $n -gt 0 -a $rc -lt 1 ] && rc=1  # an extra uid-0 account raises rc to 1 unless it is already higher
> 
> separator
> echo 'Checking for passwordless accounts:'  # NOTE(review): in the command below the /etc/master.passwd argument sits on its own line, apparently wrapped by the mail client
> n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}'
> /etc/master.passwd |
>     tee /dev/stderr | wc -l)  # entries with an empty second (password) field, skipping names that start with #, + or -; each is echoed to stderr and counted
> [ $n -gt 0 -a $rc -lt 1 ] && rc=1
> 
> # Show denied packets
> # (ipfw -a l lines containing deny, reset or unreach, compared with the previous run)
> if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then  # the status tested is egrep's: true only when at least one line matched
>         if [ ! -f ${LOG}/ipfw.today ]; then  # no baseline yet: report that and seed one
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "No ${LOG}/ipfw.today"
>                 cp ${TMP} ${LOG}/ipfw.today || rc=3
>         fi
> 
>         if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "${host} denied packets:"
>                 diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"  # show only the lines that are new or changed in this run
>                 mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
>                 mv ${TMP} ${LOG}/ipfw.today || rc=3
>         fi
> fi
> 
> # Show ipfw rules which have reached the log limit
> # (second number on each " log " rule line compared with net.inet.ip.fw.verbose_limit)
> IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`  # value read from the kernel; it is spliced into the perl program text below
> if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then  # sysctl succeeded and the limit compares as a non-zero integer
>         ipfw -a l | grep " log " | perl -n -e \
>                 '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' >
> ${TMP}  # redirect target of the perl output; the mail client appears to have wrapped it off the line above
>         if [ -s "${TMP}" ]; then  # non-empty file: at least one rule reached the limit
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo 'ipfw log limit reached:'
>                 cat ${TMP}
>         fi
> fi
> 
> # Show IPv6 denied packets
> # (ip6fw -a l lines containing deny, reset or unreach, compared with the previous run)
> if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then  # the status tested is egrep's: true only when at least one line matched
>         if [ ! -f ${LOG}/ip6fw.today ]; then  # no baseline yet: report that and seed one
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "No ${LOG}/ip6fw.today"
>                 cp ${TMP} ${LOG}/ip6fw.today || rc=3
>         fi
> 
>         if ! cmp ${LOG}/ip6fw.today ${TMP} >/dev/null; then
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "${host} IPv6 denied packets:"
>                 diff -b ${LOG}/ip6fw.today ${TMP} | egrep "^>"  # show only the lines that are new or changed in this run
>                 mv ${LOG}/ip6fw.today ${LOG}/ip6fw.yesterday || rc=3
>                 mv ${TMP} ${LOG}/ip6fw.today || rc=3
>         fi
> fi
> # Show ip6fw rules which have reached the log limit
> # (second number on each " log " rule line compared with net.inet6.ip6.fw.verbose_limit)
> IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`  # value read from the kernel; it is spliced into the perl program text below
> if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then  # sysctl succeeded and the limit compares as a non-zero integer
>         ip6fw -a l | grep " log " | perl -n -e \
>                 '/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' >
> ${TMP}  # redirect target of the perl output; the mail client appears to have wrapped it off the line above
>         if [ -s "${TMP}" ]; then  # non-empty file: at least one rule reached the limit
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo 'ip6fw log limit reached:'
>                 cat ${TMP}
>         fi
> fi
> 
> # Show kernel log messages
> # (dmesg -a output compared with the previous run; only new lines are printed)
> if dmesg -a 2>/dev/null > ${TMP}; then
>         if [ ! -f ${LOG}/dmesg.today ]; then  # no baseline yet: report that and seed one
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "No ${LOG}/dmesg.today"
>                 cp ${TMP} ${LOG}/dmesg.today || rc=3
>         fi
> 
>         if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
>                 [ $rc -lt 1 ] && rc=1
>                 separator
>                 echo "${host} kernel log messages:"
>                 diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"  # lines present now but not in the baseline
>                 mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
>                 mv ${TMP} ${LOG}/dmesg.today || rc=3
>         fi
> fi
> 
> # Show login failures
> # (messages lines that start with yesterday's date and contain "login failure", case-insensitive)
> separator
> echo "${host} login failures:"
> n=$(catmsgs | grep -ia "^$yesterday.*login failure" | tee /dev/stderr | wc
> -l)  # the "-l" was apparently wrapped off the wc above by the mail client; matches are echoed to stderr and counted in n
> [ $n -gt 0 -a $rc -lt 1 ] && rc=1  # any match raises rc to 1 unless it is already higher
> 
> # Show tcp_wrapper warning messages
> # (messages lines that start with yesterday's date and contain "refused connect", case-insensitive)
> separator
> echo "${host} refused connections:"
> n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr |
> wc -l)  # matches are echoed to stderr and counted in n
> [ $n -gt 0 -a $rc -lt 1 ] && rc=1
> 
> rm -f ${TMP}  # remove the scratch file
> 
> exit $rc  # rc is still 0 only if no check above raised it; 1 = something was reported, 3 = a cp or mv failed
> 
> 
> 
> -------------end-----------/etc/security-----------------
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Mon, 6 May 2002, Jason P Holland wrote:
> 
> >
> > you could try and run the job manually, watch and see if something obvious
> > shows up.
> >
> > Jason
> >
> > > Thanks Bill:
> > > 	Yes Bill, you are right. The time in /etc/crontab is set for
> > > 3:01am for daily jobs. And after checkups the system is getting rebooted
> > > at 3:03!!
> > >
> > > But how will I go to the root of the problem ? Is there any way to find
> > > out the cause ?  Even i tried to analyse the log
> > > files.../var/log/messages, last etc. but not getting a clue ..... :-(
> > >
> > > I think you are getting my problem !
> > >
> > > best regards,
> > > Vishwas.
> > >
> > >
> > > On Mon, 6 May 2002, Bill Moran wrote:
> > >
> > > > Vishwas wrote:
> > > > > Hello All:
> > > > > 	My FreeBSD-4.5 reboots automatically everynight at 3:03. I have
> > > > > checked the cron entries. I haven't done any modifications to the system
> > > > > after installation.
> > > > >
> > > > > Am I the one who has been singled out by FreeBSD or someone else is also
> > > > > there ?  :-))
> > > >
> > > > This comes up every so often. 3:00AM is when certain system maintenance tools
> > > > run, and this is likely causing your problem.
> > > > First thing to do is to disable the daily run in /etc/crontab and see if the
> > > > problem goes away.  If it does, you've found the culpret and the solution is
> > > > a little more involved.
> > > > Hopefully you can afford some testing time on the machine. The first thing to
> > > > do is to cvsup and update your system to the latest stable, in case it's a
> > > > problem that's already been fixed:
> > > > http://www.freebsd.org/handbook/cutting-edge.html
> > > > Enable kernel crash dumps as described here:
> > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html
> > > > And analyze what's going on. If you don't understand kernel debugging, post
> > > > the results of a gdb session to the list asking for advice. Michael Lucas
> > > > wrote an excellent article on this for onlamp.com, I suggest you read that
> > > > as well.
> > > >
> > > > --
> > > > Bill Moran
> > > > Potential Technology
> > > > http://www.potentialtech.com
> > > >
> > > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >
> >
> > --
> >
> >      .-.
> >    __| |__
> >   [__   __]
> >      | |
> >      | |
> >      | |
> >      '-'
> >
> >
> >
> 

-- 

     .-.
   __| |__
  [__   __]
     | |
     | |
     | |
     '-'
               


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



