Date: Wed, 3 Oct 2001 15:29:08 +0300 From: Peter Pentchev <roam@ringlet.net> To: ANdrei <andrei@abc.ro> Cc: rik@rikrose.net, freebsd-security@FreeBSD.ORG Subject: Re: last Message-ID: <20011003152907.A88233@ringworld.oblivion.bg> In-Reply-To: <3BBAF0B7.2CC21C7B@abc.ro>; from andrei@abc.ro on Wed, Oct 03, 2001 at 02:04:23PM %2B0300 References: <Pine.LNX.4.21.0110031129110.3489-100000@pkl.net> <3BBAF0B7.2CC21C7B@abc.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 03, 2001 at 02:04:23PM +0300, ANdrei wrote: > rik@rikrose.net wrote: > > > > On Wed, 3 Oct 2001, ANdrei wrote: > > > it wasn't for sure me :), but i just had my firewall down for a few > > > mins, and then it happened... was this just a coincidence? > > > > It could have been a power cut, or even a brown out, or someone else while > > you were working on the firewall :) > > nope, in that case you don't get that log entry from last (i'm almost > sure about that) and your file-systems get checked at startup for sure, > and mine didn't... it was a clkean shutdown... No, it wasn't. It was either a power failure, or somebody hitting the power button, but it was by no means a clean shutdown. Had it been a clean shutdown, last(1) would have said something like: reboot ~ Sun Sep 30 21:20 shutdown ~ Sun Sep 30 21:13 roam ttyv0 Sun Sep 30 21:08 - shutdown (00:05) That is, there would have been an entry named 'shutdown', and the logout time of the still-logged-in users would have been marked as 'shutdown', not 'crash' as in your logs. The absence of a 'shutdown' entry in your logs means that the system did not record a wtmp entry at the time of the shutdown, meaning the system was not really doing a clean shutdown. The 'crash' in the logout time field means that upon starting at the next boot-up, the system found still unclosed wtmp records, and concluded that there had been an unclean reboot. G'luck, Peter -- I am not the subject of this sentence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011003152907.A88233>