Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Questions about hardware,drivers and peripherals
Forum rules
Before you post please read how to get help
Post Reply
fruitkiller
Level 4
Level 4
Posts: 409
Joined: Tue Aug 05, 2014 7:52 pm

Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Post by fruitkiller » Mon Sep 24, 2018 7:35 pm

Hello,

For the last 3 days, my main desktop running 17.3 will out of the blue log me out to a black screen, then some loading stuff shows up, like if one presses escape during the LM logo boot up and after that X comes back and I am greeted by the login screen. I'm seriously concerned because it's not the hardware for sure, last week I put the thing through a variety of tests and apart from my undying 200gb first generation SATA internal drive (the 2 others are much larger, but that drive simply will not die, which is one more point for me when I say things made before 2008 do not have a "break-by" date), who has 12 broken sectors which after fsck just puts those out of reach. Anyways, I'm trying to find the reason why....I looked at /var/log/syslog and it doesn't make sense...no useful info on what happened around 7:10PM, it's talking about things happening 5 minutes ago (7:24PM)...have a look....I'm thinking this is not the syslog I have to look at when a problem like that arises...you tell me! This is freaking me out and I'm thinking of buying E-SET's freaking Linux antivirus right now, only a matter of time since more and more people use linux that malware for it would be made much more rapidly, and clamAV is alright but it's open source, which I don't think of it as a good thing when it comes to serious malware sec, otherwise I'm all for it. I'm trying my way forward to hardening with Lynis, I've done some basic hardening but some of it seems very difficult and I'm not learning it for a version of LM that reaches end of life next year in April.

So here's what that syslog was showing me, I booted back at 7:14 so I don't get the entries that stopped at 7:24 when I first looked it up :

Code: Select all

Sep 24 07:35:21 phil17 anacron[8034]: Job `cron.daily' terminated
Sep 24 07:35:21 phil17 anacron[8034]: Normal exit (1 job run)
Sep 24 07:35:50 phil17 kernel: [304719.974330] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:36:30 phil17 kernel: [304759.611598] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:37:09 phil17 kernel: [304799.238892] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:37:49 phil17 kernel: [304838.866022] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:38:29 phil17 kernel: [304878.533297] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:39:01 phil17 CRON[8266]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/session$
Sep 24 07:39:08 phil17 kernel: [304918.200401] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:39:48 phil17 kernel: [304957.557752] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:40:28 phil17 kernel: [304997.234978] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:41:07 phil17 kernel: [305036.922140] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:41:47 phil17 kernel: [305076.579375] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:42:27 phil17 kernel: [305116.256486] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:43:06 phil17 kernel: [305155.883762] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:43:46 phil17 kernel: [305195.501020] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:44:25 phil17 kernel: [305235.058469] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:45:05 phil17 kernel: [305274.745426] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:45:45 phil17 kernel: [305314.352774] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:46:25 phil17 kernel: [305354.029736] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:47:04 phil17 kernel: [305393.547201] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:47:43 phil17 kernel: [305432.904614] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:48:23 phil17 kernel: [305472.501771] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:49:03 phil17 kernel: [305512.138938] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:49:41 phil17 kernel: [305549.970514] BLOCKED: IN= OUT=tun0 SRC=10.8.0.10 DST=13.33.81.58 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14273 DF PROTO=TCP SPT=59725 DPT$
Sep 24 07:49:41 phil17 kernel: [305549.970896] BLOCKED: IN= OUT=tun0 SRC=10.8.0.10 DST=13.33.81.58 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=47570 DF PROTO=TCP SPT=59726 DPT$
Sep 24 07:49:42 phil17 kernel: [305551.736107] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:50:22 phil17 kernel: [305591.353512] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:51:02 phil17 kernel: [305631.001158] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:51:41 phil17 kernel: [305670.677866] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:52:21 phil17 kernel: [305710.365022] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:53:01 phil17 kernel: [305750.042157] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:53:40 phil17 kernel: [305789.689276] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Sep 24 07:54:20 phil17 kernel: [305829.356534] [UFW BLOCK] IN=eth3 OUT= MAC=01:00:5e:00:00:01:8c:10:d4:e5:1c:50:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PRE$
Mac address is BS in case the auto-censoring decided not to work...

Important to note that the last crash...it did not bring me back to the login screen, just the red light indicating incredible activity and a dark screen, so I pressed reboot. Also, as an aside, why is my BIOS (updated to its last revision, april 2016) saying I have 4 keyboards, it used to be 3 keyboards but my usb 3.0/3.1 hub I got that's high-quality but got at a very low discount price on ebay, if I do not turn off the external hard drives I got plugged to it (2), and disconnect the hub itself, i'll go back to a regular 1 keyboard. See at boot, bios tells me how many drives, keyboards, hubs and mouses there are. I thought I'd throw it in because that is kind of bizarre behaviour.

fruitkiller
Level 4
Level 4
Posts: 409
Joined: Tue Aug 05, 2014 7:52 pm

Re: Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Post by fruitkiller » Tue Sep 25, 2018 11:20 pm

Nobody? It happened again once today. Am I even looking at the right syslog? I need to know what causes this, so much that I'm ready to pay for ESET Linux's malware/antivirus' software.

User avatar
Pierre
Level 17
Level 17
Posts: 7560
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Post by Pierre » Wed Sep 26, 2018 2:10 am

it's most unlikely to be some Virus, that is causing your issue,
& so you shouldn't need to be buying E-SET's freaking Linux antivirus right now .. ..

it's going to some hardware issue, that is dropping your system back to a shell prompt:
- what video driver, if any, are you using ?.
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

fruitkiller
Level 4
Level 4
Posts: 409
Joined: Tue Aug 05, 2014 7:52 pm

Re: Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Post by fruitkiller » Wed Sep 26, 2018 4:41 am

Hi,

The driver isn't at issue, I've been using it since it came out, pretty much the last AMD Proprietary Driver for Linux, 15.30.1025.I play games in CrossOver and Steam without issue when I have the time. There's catalyst 15.32 but the deb created from the .run file I have not tried ever because it was about the time I figured out installing the driver for my radeon hd 7870 and a 7850 combined in CrossFire. It's been this way since the driver came out, when 17.3 is no longer supporteed, well, a little before, I'll be trying AMDGPU-PRO, I hear good results for that in Mint 19, Ubuntu 18.04 Mate and LMDE 3.

I'd like to know where the syslog I know exists that could tell me what happened when those logging out, when it happens, the black screen has the login filled with my username and the password, some stuff loads with [OK] at the end like when one boots and presses ESC during loading while the logo is displayed.

Then we'll see what's going on. Seems like a task in anacron/cron I surely haven't automatized myself kicks off. Only happened once today, but yesterday was pretty awful, especially as I was repairing a 64gb thumbdrive that had been broken WoeUSB, which is awful, I removed the PPA, WinUSB for Windows 7 is fine, WoeUSB and its many recent updates boots up with the win10 blue logo then fails...well it failed because the drive was broken. Thankfully I repaired it and I had a lot, lot of stuff running, on 3 desktops out of 4 offered in MATE.

fruitkiller
Level 4
Level 4
Posts: 409
Joined: Tue Aug 05, 2014 7:52 pm

Re: Strange happenings since a few days - getting logged out to a termi screen, things OK'd and back to login screen

Post by fruitkiller » Sat Sep 29, 2018 2:23 am

Well the driver is kind of an issue, I can't upgrade kernel because of that AMD Proprietary Driver...I'm stuck with kernel 3.16.57, .58 came out today and I can't install it, or any more recent kernels, they all blame the video driver, after rebooting after the failed kernel update, I had to do sudo dpkg configure -a, seems like that driver and kernel will be where I will be stuck with until 17.3 becomes unspported, well a bit before, I will be buying a new graphic card, an AMD R9 Nano is what I'm looking for, they're so damn expensive though now because of all the cryptomining. Computer electronics have stopped getting cheaper and cheaper and I don't know why, except for video cards, The Black Caviar 1TB hard drive I have I bought for 79.99 in 2013, now even a red caviar 1tb would cost likely more than that. I guess the CAD losing its 15 year parity/quasi-parity with the USD has something to do with it, January 2015, it was 0,95 USD, mid 2015, it was 0,79 and it's been hanging around there since then. Either that or I'm going to give Ubuntu MATE a try, installed it on my mother's old HP-6005-PRO since Mint 18.3, something in the updates made it freeze every 20 minutes. Tried Win7, OpenSuse too and there was no freezing. Which is a shame, but hey, it's got MATE, my favourite environment and it's just like she's used to things to be, she's been using Mint since 16 and the lack of calls about computers issues stopped so I was pretty glad about that.

Plus the fact electronics always have costed more here for some reasons and it's not the 1990 implemented federal sales tax of 5% or even the provincial sales taxes that vary from 0% in Alberta to 9,9976% in mine. Even before sales taxes showed up, I remember a NES when I was a kid cost 210 dollars for most of its lifetime, even when the SNES came out, the NES was still 150-160 dollars. My parents got me the version that came with only Super Mario Bros and no duck hunt and the zapper so it would cost them less. Plus my mother hated toy guns so I'm sure that was a plus for her.

Post Reply

Return to “Hardware Support”