My guess is that some RPM I installed, or that got installed via yum, changed the SELinux context of /etc/services. So, without log messages, the security of the system is a bit degraded (so I'll dub that SDLinux for "Security Degraded Linux"). My first thought was that somehow someone managed to get past the certificate-only source-ip-restricted SSH login and zap the logs. However, since no additional log messages were being written, that isn't as suspect as I had feared.
To get logging started again wasn't too complicated:
- restorecon /etc/services
(changes the SELinux context back to what it should be, which is
- service syslog restart
- logger -p daemon-warn "this is a test"
- tail /var/log/messages
- ls -Z /etc/services
Here's a reference to the bug that makes this quieter and uglier than it should be: