What does this Console Log mean?




soos
Mar 4, 2009, 05:16 AM
I hope this is the right part of the forum to post this. I think that someone has tampered with my computer, as there was someone in my home study at around 1.05 pm for about 8 minutes while I was at work. My Mac Pro was left on at the login screen. I found this in my Console log when I got back. I am interested in what happened at 13.10. Are those processes done automatically by the Mac or did someone try to do something?

Thanks
Soos

03/03/2009 12:11:02, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:02.950 FindSystemFiles[14630:713] Querying receipt database for system packages
03/03/2009 12:11:03, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:03.134 FindSystemFiles[14630:713] Using system path cache.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Volume is journaled. No checking performed.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchctl.System[2] launchctl: Please convert the following to launchd: /etc/mach_init.d/dashboardadvisoryd.plist
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (com.apple.blued) Unknown key for boolean: EnableTransactions
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cups-lpd) Unknown key: SHAuthorizationRight
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cupsd) Unknown key: SHAuthorizationRight
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.ntp.ntpd) Unknown key: SHAuthorizationRight
03/03/2009 14:00:36, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[97]) Stray process with PGID equal to this dead job: PID 98 PPID 1 smbd
03/03/2009 16:27:31, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[145]) Stray process with PGID equal to this dead job: PID 146 PPID 1 smbd



angelwatt
Mar 4, 2009, 07:26 AM
I don't see anything suspicious. At most, the person rebooted your computer. Has your computer been exhibiting any peculiar behavior?

soos
Mar 4, 2009, 09:35 AM
Thanks for the reply. My computer runs perfectly without problems. I was just worried that he may have tried to steal data from my computer. Do you think he could have removed my hard drive and just copied it?

lee1210
Mar 4, 2009, 10:42 AM
If the machine doesn't have physical security, nothing else matters. If you know someone untrustworthy had physical access, it would be in your best interest to assume the worst. If you had things you consider highly sensitive on the machine, then assume this individual now has access to those things. If that means you need to change PIN numbers, reset passwords, alert an employer to a breach, etc., you should do so.

-Lee

ChrisA
Mar 4, 2009, 11:16 AM
> Thanks for the reply. My computer runs perfectly without problems. I was just worried that he may have tried to steal data from my computer. Do you think he could have removed my hard drive and just copied it?

Who knows. That would never show up in the log.

Here at work, on some computers that contain sensitive data, we have a rule that ALL disk drives are to be physically locked up if a person is not physically in the room watching them. Of course the computer will not be connected to any network. We either have the room itself built like a vault with a steel door or we have safes in the room to hold the disks and paper documents.

The point here is that computers do not log information when they are powered off. Anyone who has physical access to the equipment can bypass any controls simply by using a screwdriver. So who knows what happened. It would be easy to reboot the Mac off an external FireWire drive, copy data and then boot again off your system drive. You'd have no way to know.

Another way you can prevent problems is to encrypt your data.

Cromulent
Mar 4, 2009, 11:18 AM
You should always, always, always (repeat 10 times more) save your critical and sensitive information in a 256-bit encrypted disk image with at least a 10 alpha-numeric character password (use symbols, upper and lower case letters as well as numbers).

soos
Mar 4, 2009, 01:20 PM
Thanks all.

What does this mean?

03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.

Did the person try to check or look for something in my Mac?

lee1210
Mar 4, 2009, 02:11 PM
> Thanks all.
>
> What does this mean?
>
> 03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
>
> Did the person try to check or look for something in my Mac?

It likely means that during boot the system was seeing if it needed to check your filesystem, but decided it wasn't strictly necessary so it was skipped.

-Lee
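
One way to pick the boot sequence out of a Console log like the one posted in this thread; this is an added example, not code from any poster. It assumes, as the reply above suggests, that the fsck_hfs message logged via com.apple.launchctl.System marks a boot; the function names and the 60-second grouping window are hypothetical.

```python
import re
from datetime import datetime

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = """\
03/03/2009 12:11:03, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:03.134 FindSystemFiles[14630:713] Using system path cache.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Volume is journaled. No checking performed.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cupsd) Unknown key: SHAuthorizationRight
03/03/2009 14:00:36, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[97]) Stray process with PGID equal to this dead job: PID 98 PPID 1 smbd
"""

# "<date> <time>, <d Mon yyyy> <sender>[<pid>] <message>"
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), \d{1,2} \w{3} \d{4} "
    r"([\w.\-]+)\[(\d+)\] (.*)$"
)

def parse(log_text):
    """Yield (timestamp, sender, pid, message) for each line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Assumption: the leading date is day/month/year.
            ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), m.group(4)

def find_boots(log_text, gap_seconds=60):
    """Return one (boot_time, seconds_of_log_silence_before_it) per boot.

    Heuristic (assumption): fsck_hfs output from com.apple.launchctl.System
    marks a boot; markers within gap_seconds of each other are one boot.
    """
    boots, prev_ts = [], None
    for ts, sender, _pid, msg in parse(log_text):
        if sender == "com.apple.launchctl.System" and msg.startswith("fsck_hfs:"):
            if not boots or (ts - boots[-1][0]).total_seconds() > gap_seconds:
                silence = (ts - prev_ts).total_seconds() if prev_ts else None
                boots.append((ts, silence))
        prev_ts = ts
    return boots

if __name__ == "__main__":
    for ts, silence in find_boots(SAMPLE_LOG):
        gap = "n/a" if silence is None else f"{silence:.0f}s"
        print(f"boot sequence at {ts}; previous log line was {gap} earlier")
```

This only dates the boot; as noted in the thread, nothing done while the machine was powered off or booted from another disk appears in this log.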