WTF. This morning at 09:54 one of my OpenBSD VMs rebooted (in an orderly fashion, I see messages from various services to that end).

What I don't see is any reason for the shutdown? No kernel message, no error message, no obvious command in the process accounting log, no nothing?

Stuff like this doesn't help my paranoia...

If, say, the hoster sends an ACPI shutdown signal to the VM, I assume I should see some kernel message to that end?


Hrm. Does the process accounting on OpenBSD not record reboot commands?

When I run reboot(8), I see an "reboot: rebooted by bochmann" entry from the kernel in messages, but there's no record of that command in the lastcomm(1) output...

(Anyways, there's no reboot: message in the log from the event this morning either.)

@galaxis I’ve been working on a similar thing for Linux and thought that this sounds an awful lot like it only accounts when the exec *returns* which it never would for the reboot command because the machine powers off before it can.

This seems to be confirmed by (and apologies if I’m barking up the wrong tree here - I’m not an OpenBSD user, just interested in the problem space on Unixes) the `acct` man page which says: “For every process initiated which terminates under normal conditions or misbehaves in very specific ways (e.g. file access prevented by unveil), an accounting record is appended to file.”

@galaxis if you log all *entries* to execve syscalls under Linux you end up being spammed by shell $PATH searches and I’d be surprised if OpenBSD is any different.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!