Worm problem?
- From: neugens <neugens libero it>
- To: seawolf-list redhat com
- Subject: Worm problem?
- Date: Sat, 30 Jun 2001 13:33:12 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have noted some strange activity on my system.
The first problem was a loss of data on my home directory, some files
(directory and files) were deleted.
I'm sure it was not due to a power failure.
Today I had the same problem, on reboot, lilo gave me an error: LI
This usually can happen when there is a problem in the /boot/boot.b file.
After having rebooted in rescue mode, I have found it was deleted; moreover,
the whole /boot entry (/dev/hda2) was corrupted.
I have run mke2fs on /dev/hda2 with option -c to check for bad blocks, but
everything was ok.
I have reinstalled lilo, and, just to be sure, all the kernel rpms, I have
recompiled my current kernel (2.4.5), and have restored a usable system.
It seems that there is a hole in the /var/log/message in the same time space
of the last data loss, and I have found an entry in wtmp:
[root nirvana log]# last
[...]
neugens pts/0 :0 Fri Jun 1 12:14 - 12:17 (00:02)
neugens tty1 Fri Jun 1 12:13 - down (00:03)
reboot system boot 2.4.5 Fri Jun 1 12:13 (00:03)
e avenderBlush monChiffon Sat Oct 23 21:24 - crash (-7449+-9:-1
e Turquoise lBlue Thu Oct 3 20:48 - crash (-10716+-8:-
tGoldenr syBrown ow Sun Oct 24 16:44 - crash (-7450+-4:-3
* *&**C \**&**C Wed May 24 21:28 - crash (-8027+-9:-1
C*C * C Sat Mar 17 11:54 - crash (4093+23:19)
*%*A9\** **%oA/\**%sA A\**%*AC\**%*AE\ Mon Apr 13 10:37 - crash (11372+00:36
**FAH%LA *cJA, LA* LA **eAdA]A*=nAx*tA Thu Jun 3 02:48 - crash (6938+09:25)
+ * **m *?F Thu Sep 23 20:47 - crash (-1210+-8:-3
b+h **$ Sun Dec 9 04:22 - crash (6018+06:51)
<*&A i+A PJ*A***A***A */#A*6/A**2 */.A Fri Feb 6 13:19 - crash (11437+21:53
?**"*b*" *,"** "*b*3 b*%*j Mon Mar 13 23:18 - crash (4462+11:55)
"*b*"*b* **sl0 **m Wed Aug 8 10:29 - crash (-4085+-22:-
*"**0 **K T*K@`*'A *c#"P**$* Sun Aug 22 20:36 - crash (-9578+-8:-2
neugens pts/0 Fri Jun 1 11:59 - 12:02 (00:03)
neugens pts/0 Fri Jun 1 11:57 - 11:59 (00:01)
[...]
While "crash" can be a hint, I'm not sure it was a crash.
Can someone give me a hint on how to read that?
Also, where can I get more info on what has happened to my system?
I'm going to install tripwire to monitor system changes, even though I do
not have a server, and my machine is connected with a dialup connection.
The only service I have run since the installation was LPRng, but it is
protected by the firewall:
[root nirvana log]# netstat -na |grep 515
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
I have a system fully updated with all errata.
Thank you for your help
neugens
- --
- -=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=-
Gnu Privacy Guard public key:
http://frine.hobbiton.org/signature.html
----------------------------------------
http://frine.hobbiton.org
http://digilander.iol.it/linuxlabs
- -=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=-
Support The Free Software ** Open Your Mind
- -=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=--=*=-
- --
=================================================
hack:
[very common] 1. n. Originally, a quick job that
produces what is needed, but not well.
http://www.tuxedo.org/jargon/html/entry/hack.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7PbkIpUdC/szrsdkRAsDdAJ49apOICQuyjiCn4ZVnyCvVVEidKQCfZRIN
grrWgogjNqXb9jlK3y6e/Tg=
=7K7Y
-----END PGP SIGNATURE-----
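
On the question of how to read the wtmp entries above: last decodes /var/log/wtmp as fixed-size binary records, so any bytes that are not a login record still get printed as one. The following is an added example, not part of the original message; it assumes the 384-byte Linux glibc struct utmp layout, and the EARLIEST floor and the sample bytes are constructed.

```python
import struct
import time

# Assumption: Linux glibc struct utmp, 384-byte records, little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
EARLIEST = 946684800  # 2000-01-01 UTC; assumed floor, set to the install date


def _printable(raw):
    """True if the NUL-terminated field contains only printable ASCII."""
    return all(32 <= b < 127 for b in raw.split(b"\0", 1)[0])


def scan_wtmp(data, now=None):
    """Return (findings, trailing_bytes); findings is [(record_index, [reasons])]."""
    now = time.time() if now is None else now
    findings = []
    whole = len(data) // UTMP.size
    for i in range(whole):
        rec = UTMP.unpack_from(data, i * UTMP.size)
        ut_type, line, user, host, tv_sec = rec[0], rec[2], rec[4], rec[5], rec[9]
        reasons = []
        if not 0 <= ut_type <= 9:  # EMPTY(0) .. ACCOUNTING(9)
            reasons.append("bad ut_type %d" % ut_type)
        for name, raw in (("line", line), ("user", user), ("host", host)):
            if not _printable(raw):
                reasons.append("non-printable ut_%s" % name)
        if not EARLIEST <= tv_sec <= now + 86400:
            reasons.append("implausible time %d" % tv_sec)
        if reasons:
            findings.append((i, reasons))
    # Leftover bytes mean the file is not a whole number of records.
    return findings, len(data) - whole * UTMP.size


def _rec(ut_type, line, user, tv_sec):
    """Build one well-formed record for the constructed sample."""
    return UTMP.pack(ut_type, 1234, line, b"", user, b"",
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")


# Constructed sample: two valid records, one record of foreign bytes, a torn tail.
SAMPLE = (_rec(7, b"tty1", b"neugens", 991390380) + b"\xc3\xa9" * 192
          + _rec(2, b"~", b"reboot", 991390200) + b"\x00" * 100)

if __name__ == "__main__":
    bad, tail = scan_wtmp(SAMPLE, now=993900000)
    for index, why in bad:
        print("record %d: %s" % (index, "; ".join(why)))
    print("trailing bytes: %d" % tail)
```

To check a real file, pass its bytes instead of SAMPLE, for example scan_wtmp(open("/var/log/wtmp", "rb").read()). Flagged records show where the file stops being login accounting data, which is the region to compare against backups and the gap in the system log.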