Linux Machine Restart Unexpectedly

Hi,

I am a new member on this forum and a new Linux administrative user.

We are running Linux in our environment as a virtual machine (Hyper-V), on which we are running Oracle ERP.
Sometimes this Linux machine restarts unexpectedly without any reason.

I tried to google it and found that I can get a clue about this behavior by checking these logs:
/var/log/syslogs

But unfortunately I am unable to find these files, which would indicate why the machine restarted unexpectedly.
infoplateform Asked:

andreas System Admin Commented:
Maybe your system is using journald, as it is already a distro with systemd, which has its own logging daemon.

Most posts in forums and on the internet still refer to the old syslog logs. But nowadays many Linux distros have shifted to systemd with its own logging system.

How to read those logs is described here:

https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs

Maybe this way you can find a hint of what happened.
madunix (Fadi SODAH) Chief Information Security Officer Commented:
- Investigate the hardware: bad motherboard, faulty CPU, or a failing Power Supply Unit (performing full hardware diagnostics)
- Investigate /var/log/messages and /var/log/syslog; look for error, panic and warning
andreas System Admin Commented:
It's a VIRTUAL Linux machine. If it's the hardware, the host would have problems with other VMs too, and you would see some warnings/errors in the host logs inside the Hyper-V Server.

So if there are no problems with other VMs on the host, I would rule out hardware problems on the host, except problems with the storage, but usually storage problems will not cause sudden reboots of the running OS.
frankhelk Commented:
Just an idea ... maybe the machine does automatic updates? Some updates require a reboot ...
madunix (Fadi SODAH) Chief Information Security Officer Commented:
>>linux machine restarted unexpectedly without any reason<<
A system reboot means the computer has rebooted in a "controlled" manner. There are a LOT of reasons for a system reboot; an example could be that you have a lot of programs open, for which a lot of memory is being allocated. The system may have a microsecond of confusion, and reboot itself.
infoplateform Author Commented:
Please see the attached "messages" file
Untitled.jpg
frankhelk Commented:
Hmmm - definitely the process sfewfesfs seems to have a problem ... and Linux tells you that this process doesn't belong to any known (=installed) software bundle and that it is configured not to run such processes.

I've tried to google that process name, and one of the hits came from virustotal.com - and on that page a file with that name was detected as malware by many antivirus programs (see here).

Looks like it's time for some disinfection action (or at least a deep virus scan from a boot CD)?

madunix (Fadi SODAH) Chief Information Security Officer Commented:
You might have a rootkit. Try to update your system and use utilities such as rkhunter / clamav. I would also verify the packages. Type the following command to verify all the installed rpm packages:
# rpm -Va
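
One way to cut the output of the rpm -Va check suggested above down to the lines worth investigating, as an added example that is not part of the original thread. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the output of `rpm -Va`, read on stdin.
# Prints "REASON<TAB>path" for findings that deserve a closer look:
#   MISSING  - a packaged file is gone
#   CONTENT  - digest changed on a non-config file (binary, library, script)
#   PERMS    - mode, owner or group changed on a non-config file
# Lines for config/doc/ghost/license/readme files (markers c d g l r) are
# skipped, because administrators edit those routinely. mtime-only changes
# are skipped as well.
triage_rpm_va() {
    awk '
    {
        slash = index($0, "/")
        if (slash == 0) next            # no path on this line
        path = substr($0, slash)        # keeps paths that contain spaces
    }
    $1 == "missing" {
        print "MISSING\t" path
        next
    }
    # Verify lines start with a 9-character flag string, order SM5DLUGTP
    length($1) == 9 && $1 ~ /^[.?SM5DLUGTP]+$/ {
        if (NF >= 3 && $2 ~ /^[cdglr]$/) next
        if (index($1, "5"))      print "CONTENT\t" path
        else if ($1 ~ /[MUG]/)   print "PERMS\t" path
    }'
}

# Constructed sample of `rpm -Va` output (not taken from the affected machine).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib/systemd/system/crond.service
S.5....T.    /usr/bin/ssh
.M...UG..    /usr/bin/passwd
missing     /usr/sbin/lsof
EOF
}

# Demo run on the constructed sample.
sample_rpm_va | triage_rpm_va
```

On a real system, feed it with: rpm -Va | triage_rpm_va. rpm -Va only verifies files that belong to an installed package, so a dropped file that no package owns will not appear in its output; rpm -qf <path> reports such a file as not owned by any package.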
andreas System Admin Commented:
You can upload /etc/sfewfesfs and let it be scanned by virustotal. If it comes up with an infection, I would rather reinstall than clean.

You don't know what changes the attacker made on your machine. He might have changed passwords of seldom-used accounts, put ssh keys in place to allow him passwordless logins, added some binaries that are not yet detected by any AV tool, etc.

So it would be a huge task to ensure you have checked all possible ways he could have planted another backdoor.

So in most cases a reinstall from scratch is way faster than cleaning, and this way you can be SURE your machine is clean after the installation has finished.

After reinstallation you need to change ALL passwords that were used on that machine and replace all private encryption keys that were on this machine, e.g. ssh keys, kerberos keys, etc.

You also need to change the passwords/keys on other machines that are not affected, if they use the same passwords/keys.
madunix (Fadi SODAH) Chief Information Security Officer Commented:
As has been said by andreas, you can reinstall the system instead. You should follow these procedural controls:
- Build any system from original
- Allow no disk or other kind of media attached to USB port
- Update malware software and AV scanning definitions/signatures frequently
- Update your OS
- Update all installed Software packages
- Have a good backup policy

Please check this link too:
http://stackoverflow.com/questions/23292718/am-i-hacked-unknow-processes-dsfref-gfhddsfew-dsfref-etc-are-starting-automa
frankhelk Commented:
Long inactive