Date: Tue, 01 Oct 2002 18:35:02 +0100 (CEST)
From: home@jukkis.net
To: questions@freebsd.org
Subject: I'm puzzled
Message-ID: <XFMail.20021001183502.home@jukkis.net>

(Sorry, but I don't know how to be brief in this matter, mail is long. Please
cc any follow-ups, I'm not subscribed)

Last night something weird happened, and I'd like to know what, so I'm asking
if someone knows what logfiles I should look at, given the following:

I was reading email around 1:00-2:00, when I noticed my system time had changed
by itself at some time, the two following lines are from the same xterm window,
I just pressed enter between:

[1:38] /storage>
[1:29] /storage>

Earlier in the evening I had some other weird stuff happening when gkrellm, xmbmon
and mldonkey all started to eat cpu, consuming all they could get, and the system
became Very slow, so I killed those processes, and the following ps ax is from
an xterm buffer when I was doing that. Note that I believe the time had already
been changed at this time, so that 1:09 is not actually correct:

[1:09] /home/sjuke>ps ax
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.00 (swapper)
1 ?? SLs 0:11.94 /sbin/init --
2 ?? DL 0:07.24 (pagedaemon)
3 ?? DL 0:00.00 (vmdaemon)
4 ?? DL 0:01.96 (bufdaemon)
5 ?? DL 0:01.63 (vnlru)
6 ?? DL 0:58.63 (syncer)
27 ?? Is 0:00.00 adjkerntz -i
85 ?? Ss 0:01.28 /usr/sbin/syslogd -s
89 ?? Is 0:00.01 /usr/sbin/portmap
91 ?? Is 0:00.01 mountd -r
93 ?? Is 0:00.00 nfsd: master (nfsd)
95 ?? I 0:00.02 nfsd: server (nfsd)
96 ?? I 0:00.00 nfsd: server (nfsd)
97 ?? I 0:00.00 nfsd: server (nfsd)
98 ?? I 0:00.00 nfsd: server (nfsd)
100 ?? Is 0:00.00 rpc.statd
106 ?? Is 0:00.00 /usr/sbin/inetd -wW
108 ?? Is 0:00.90 /usr/sbin/cron
110 ?? Is 0:00.27 /usr/sbin/sshd
112 ?? Ss 0:34.41 /usr/sbin/usbd
115 ?? Ss 0:10.45 sendmail: accepting connections (sendmail)
117 ?? Is 0:00.17 sendmail: Queue runner@00:30:00 for /var/spool/client
182 ?? I 0:00.08 /usr/X11R6/bin/xdm -nodaemon ttyv8
185 ?? Ss 61:23.82 /usr/X11R6/bin/X -auth /usr/X11R6/lib/X11/xdm/authdir
186 ?? Is 0:00.06 /usr/X11R6/bin/xdm -nodaemon ttyv8
715 ?? Ss 0:10.50 mwm
723 ?? R 31:36.48 gkrellm
726 ?? Ss 0:39.89 fetchmail -d 30
783 ?? I 0:00.17 xterm -T XTerm
984 ?? S 0:05.32 xterm -T XTerm
1075 ?? I 0:00.70 xmmix
4608 ?? S 0:00.85 xterm -T XTerm
6795 ?? S 0:01.09 xterm -T XTerm
7081 ?? Is 0:00.03 esd -terminate -nobeeps -as 2 -spawnfd 12
27093 ?? S 0:19.81 xterm -T XTerm
65047 ?? S 0:00.07 xterm -T XTerm
784 p0 Ss+ 0:00.10 tcsh
785 p0 S 4:18.96 ./mlchat
788 p0 S 26:00.32 ./mldonkey_gui
985 p1 Is 0:00.14 tcsh
65045 p1 I+ 0:00.01 ftp ftp.sunet.se
4609 p2 Is 0:00.12 tcsh
64763 p2 I+ 0:00.05 _su (tcsh)
6796 p3 Is 0:00.33 tcsh
65044 p3 S+ 0:00.02 ftp ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/
27094 p4 Is 0:00.16 tcsh
54013 p4 I+ 0:00.23 _su (tcsh)
65048 p5 Ss 0:00.03 tcsh
65050 p5 R+ 0:00.00 ps ax
4702 v0 Is+ 0:00.01 /usr/libexec/getty Pc ttyv0
4703 v1 Is+ 0:00.01 /usr/libexec/getty Pc ttyv1
4704 v2 Is+ 0:00.01 /usr/libexec/getty Pc ttyv2
4705 v3 Is+ 0:00.01 /usr/libexec/getty Pc ttyv3
168 con- I 0:00.10 /usr/local/sbin/snmpd
I didn't give it so much thought at night, but in the morning I realized that
daily run outputs were dated WAY wrong, and indeed the last correct output was
dated Sep-29 02:02, after that I have monthly run Jan-01 year 1970 05:30, daily
run Jan-01 year 1970 03:02, and daily run Jan-02 year 1970 03:01.
Then I ran the following:
[6:19] /home/sjuke>date
Fri Jan 2 06:19:45 CET 1970
[6:21] /home/sjuke>su
Password:
[6:21] /home/sjuke# date 200210010733
Tue Oct 1 07:33:00 CEST 2002
[7:33] /home/sjuke#

Now it's all running ok again, and I would think it's just me who has messed
up some Daylight Saving Time setting (the 1 hour difference in the script
startup time between before and after change), but what worries me is these:

1) Year has changed to 1970, it's almost like the clock would have been reset
to epoch.
2) Timezone had changed to CET by itself, and when I ran date, it changed to
CEST.
3) I didn't notice the change of time until night 2002-10-01, because gkrellm
reported date 2002-09-30 correctly all Monday, and all xterm windows (tcsh's)
were in correct time until 2002-10-01. It's almost as if I lost a day somewhere.
4) PC has been turned on before 29th, so this didn't happen in conjunction with
some rebooting:
[18:26] /home/sjuke>uptime
6:26PM up 4 days, 14:35, 3 users, load averages: 0.01, 0.02, 0.00
My pc:
FreeBSD sjukebox 4.6-STABLE FreeBSD 4.6-STABLE #6: Thu Sep 12 18:24:11 CEST
2002 sjuke@sjukebox:/usr/src/sys/compile/NETTI2002 i386
And it's behind firewall/gateway
FreeBSD shoebox.home 4.7-RC FreeBSD 4.7-RC #1: Fri Sep 27 00:32:32 CEST 2002
sjuke@sjukebox:/usr/obj/usr/src/sys/GATER i386
in case this would be work of some trojan or something.
So, if someone has any idea what happened, or how to find out what happened,
I'd sure like to get any pointers.
-----------------------
[01-Oct-2002 18:22:58]
Jukkis - home@jukkis.net - www.jukkis.net
Those who can, do. Those who can't, teach.
