What does this Console Log mean?

Discussion in 'Mac Programming' started by soos, Mar 4, 2009.

  1. macrumors newbie

    Joined:
    Oct 25, 2008
    #1
    I hope this is the right part of the forum to post this. I think that someone has tampered with my computer, as there was someone in my home study at around 1.05 pm for about 8 minutes while I was at work. My Mac Pro was left on at the login screen. I found this in my Console log when I got back. I am interested in what happened at 13.10. Are those processes done automatically by the Mac or did someone try to do something?

    Thanks
    Soos

    03/03/2009 12:11:02, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:02.950 FindSystemFiles[14630:713] Querying receipt database for system packages
    03/03/2009 12:11:03, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:03.134 FindSystemFiles[14630:713] Using system path cache.
    03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Volume is journaled. No checking performed.
    03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
    03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchctl.System[2] launchctl: Please convert the following to launchd: /etc/mach_init.d/dashboardadvisoryd.plist
    03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (com.apple.blued) Unknown key for boolean: EnableTransactions
    03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cups-lpd) Unknown key: SHAuthorizationRight
    03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cupsd) Unknown key: SHAuthorizationRight
    03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.ntp.ntpd) Unknown key: SHAuthorizationRight
    03/03/2009 14:00:36, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[97]) Stray process with PGID equal to this dead job: PID 98 PPID 1 smbd
    03/03/2009 16:27:31, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[145]) Stray process with PGID equal to this dead job: PID 146 PPID 1 smbd
     
  2. Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    I don't see anything suspicious. At most, the person rebooted your computer. Has your computer been exhibiting any peculiar behavior?
     
  3. thread starter macrumors newbie

    Joined:
    Oct 25, 2008
    #3
    Thanks for the reply. My computer runs perfectly without problems. I was just worried that he may have tried to steal data from my computer. Do you think he could have removed my hard drive and just copied it?
     
  4. macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #4
    If the machine doesn't have physical security, nothing else matters. If you know someone untrustworthy had physical access, it would be in your best interest to assume the worst. If you had things you consider highly sensitive on the machine, then assume this individual now has access to those things. If that means you need to change PIN numbers, reset passwords, alert an employer to a breach, etc., you should do so.

    -Lee
     
  5. macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #5
    Who knows. That would never show up in the log.

    Here at work, on some computers that contain sensitive data, we have a rule that ALL disk drives are to be physically locked up if a person is not physically in the room watching them. Of course the computer will not be connected to any network. We either have the room itself built like a vault with a steel door or we have safes in the room to hold the disks and paper documents.

    The point here is that computers do not log information when they are powered off. Anyone who has physical access to the equipment can bypass any controls simply by using a screwdriver. So who knows what happened. It would be easy to reboot the Mac off an external FireWire drive, copy data and then boot again off your system drive. You'd have no way to know.

    Another way you can prevent problems is to encrypt your data.
     
  6. macrumors 603

    Cromulent

    Joined:
    Oct 2, 2006
    Location:
    The Land of Hope and Glory
    #6
    You should always, always, always (repeat 10 times more) save your critical and sensitive information in a 256-bit encrypted disk image with at least a 10 alpha-numeric character password (use symbols, upper and lower case letters as well as numbers).
     
  7. thread starter macrumors newbie

    Joined:
    Oct 25, 2008
    #7
    Thanks all.

    What does this mean?

    03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.

    Did the person try to check or look for something in my Mac?
     
  8. macrumors 68040

    lee1210

    Joined:
    Jan 10, 2005
    Location:
    Dallas, TX
    #8
    It likely means that during boot the system was seeing if it needed to check your filesystem, but decided it wasn't strictly necessary so it was skipped.

    -Lee
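
Added example, not part of the thread: a Python sketch that locates the boot in a Console log like the one in post #1, using the boot-time `fsck_hfs` message explained in post #8 as the marker, and reports how long the log was silent before it. The function names and the day/month reading of the leading date are assumptions; the sample lines are copied from post #1.

```python
import re
from datetime import datetime

# Sample input: a subset of the log lines posted in #1 of this thread.
SAMPLE_LOG = """\
03/03/2009 12:11:03, 3 Mar 2009 com.apple.backupd[14629] 2009-03-03 12:11:03.134 FindSystemFiles[14630:713] Using system path cache.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Volume is journaled. No checking performed.
03/03/2009 13:10:52, 3 Mar 2009 com.apple.launchctl.System[2] fsck_hfs: Use the -f option to force checking.
03/03/2009 13:10:56, 3 Mar 2009 com.apple.launchd[1] (org.cups.cupsd) Unknown key: SHAuthorizationRight
03/03/2009 14:00:36, 3 Mar 2009 com.apple.launchd[1] (org.samba.smbd[97]) Stray process with PGID equal to this dead job: PID 98 PPID 1 smbd
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), \d{1,2} \w{3} \d{4} "
    r"(?P<sender>[\w.\-]+)\[(?P<pid>\d+)\] (?P<msg>.*)$"
)

def parse(log_text):
    """Yield (timestamp, sender, pid, message) for each parseable line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # Assumption: the leading date is day/month/year.
            ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
            yield ts, m["sender"], int(m["pid"]), m["msg"]

def find_boots(log_text):
    """Return [(boot_time, silence_before)], one entry per fsck_hfs burst."""
    boots, prev_ts, in_boot = [], None, False
    for ts, sender, _pid, msg in parse(log_text):
        is_marker = (sender == "com.apple.launchctl.System"
                     and msg.startswith("fsck_hfs:"))
        if is_marker and not in_boot:
            # First marker line of a burst: record the gap since the last entry.
            boots.append((ts, ts - prev_ts if prev_ts else None))
        in_boot = is_marker
        prev_ts = ts
    return boots

if __name__ == "__main__":
    for boot_time, silence in find_boots(SAMPLE_LOG):
        print(f"boot at {boot_time}, no log entries for {silence} before it")
```

The silent interval only says that nothing was written to the log; as post #5 points out, a powered-off machine records nothing, so the log cannot show what happened during that time.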
     
