On Monday 19 December 2005 17:45, Paul Seniuk wrote: >Thanks for the reply .... > >After comparing this server to 9 others in the dump, amanda client > seems to be installed fine. > >I did discover that this server was comprimsed and was running a SPAM >script from /usr/lib/asterisk/.amandad .....god forbid I ever run > into these script kiddies on the street.
Just don't leave any witnesses, they can complicate ones life no end. >Having said that, I am assuming that the compromise may have broke >something on this server. I think thats safe to say. > >I tried a re-installation of amanda-client with the same error. I did >notice that after re-installing >/etc/dumpdates was not created during the install, which tells me > perms are still a problem here, but im stuck > because the Group ID is fine: >#>id amanda > uid=33(amanda) gid=6(disk) groups=6(disk) Thats the same as here. >Perms on /etc/dumpdates is: > >-rw-rw-r-- 1 root disk 172 Dec 16 02:37 dumpdates Thats the same as here, so I'd have reservations about that being the problem. >Would anything be logged about failing to create /etc/dumpdates (get >that long pole out, I used the RPM version for CentOS) ? Bleeghc... And I think here, I'd survey the system for both leftover of the asterisk kit, and for the locations of both the config dir and the data dir amanda keeps, then get the tarball and install from scratch after configuring the tarball to match. Nuke the rpm installed stuff by doing and rpm -e on it. Or maybe you can look at the .spec file in the rpm and steal^H^H^H^H^Hborrow the options from there. >For 'fun', I tried putting the perms to 777 ..still same error Somewhere, maybe the suid bits have been lost. You did do the rpm re-install as root I hope? Jon, do you have anything else to add? -- Cheers, Gene People having trouble with vz bouncing email to me should use this address: <[EMAIL PROTECTED]> which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
