Re: hard disk failure - now what?

2009-08-25 Thread perryh
Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Kelly Martin kellymar...@gmail.com writes: I just experienced a hard drive failure on one of my FreeBSD 7.2 production servers with no backup! ... First, try copying the entire disk, *without* mounting it. Yep. Use dd(1) to get

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Ok, here is what lsof tells me: $ sudo lsof | grep perl perl5.8.9 4272 www cwd VDIR 0,76512 2 / perl5.8.9 4272 www rtd VDIR 0,76512 2 / perl5.8.9 4272 www txt VREG 0,82 4428 3015044 /usr/local/bin/perl perl5.8.9

Re: what www perl script is running?

2009-08-25 Thread Mike Bristow
On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote: Ok, here is what lsof tells me: $ sudo lsof | grep perl perl5.8.9 4272 www3uIPv4 0xc33cf0000t0 TCP gw:51295-94.102.51.57:afs3-fileserver (ESTABLISHED) The last line would be appear to telling me

Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable

2009-08-25 Thread Julien Cigar
Hello, We have an HP Proliant DL380G5 with 4GB of RAM and FreeBSD 7.0 which runs PostgreSQL 8.3 for more than a year now. No problems, except that two days ago I noticed those messages in my kernel logs : Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or

Re: what www perl script is running?

2009-08-25 Thread Ruben de Groot
On Tue, Aug 25, 2009 at 10:19:37AM +0100, Mike Bristow typed: On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote: Ok, here is what lsof tells me: $ sudo lsof | grep perl perl5.8.9 4272 www3uIPv4 0xc33cf0000t0 TCP gw:51295-94.102.51.57:afs3-fileserver

Re: Problem mounting EXT2FS

2009-08-25 Thread Mark Stapper
Jeronimo Calvo wrote: Hi folks, im migrating from Linux to BSD, and i found my first problem... First of all, i did save my /home from my old Linux distribution on another HD, ext2fs partition /dev/ad6s1... I can correctly see the drive from sysinstall. I read about compiling the KERNEL in

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Mike Bristow wrote: On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote: Ok, here is what lsof tells me: $ sudo lsof | grep perl perl5.8.9 4272 www3uIPv4 0xc33cf0000t0 TCP gw:51295-94.102.51.57:afs3-fileserver (ESTABLISHED) The last line would be

Re: Problem mounting EXT2FS

2009-08-25 Thread Jeronimo Calvo
Actually, im just compile it and restart it... seems to be working fine now... By the way... who do i do that?? is that necessary? cheers! 2009/8/25 Mark Stapper st...@mapper.nl Jeronimo Calvo wrote: Hi folks, im migrating from Linux to BSD, and i found my first problem... First of all, i

Re: what www perl script is running?

2009-08-25 Thread Olivier Nicole
Hi Colin, Am I correct in assuming that my system has been hacked and I am running an IRC server or something? IRC client at least. And yes, I would think that your system has been compromised. Good luck, Olivier ___ freebsd-questions@freebsd.org

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Olivier Nicole wrote: Am I correct in assuming that my system has been hacked and I am running an IRC server or something? IRC client at least. And yes, I would think that your system has been compromised. Thanks Olivier. I am currently killing the process with the following bash

how to decide if disk / system is quotas capable

2009-08-25 Thread Stefan Miklosovic
hi, I am writing a script in which I want to decide if disk / system is capable to set quotas for user / groups. how to check it? I am thinking about 1) checking enable_quotas=YES in /etc/rc.conf 2) should I try to look in /etc/fstab? There is userquota and / or groupquota in line for some disk

Re: what www perl script is running?

2009-08-25 Thread Olivier Nicole
Colin, I suppose this calls for a bare-metal reinstall. Is it worth first trying to determine how my system was broken into? It really depends on: - what is installed on that machine (how long it would take to reinstall, how many softwares, ports, specially configured stuff). - how

Re: how to decide if disk / system is quotas capable

2009-08-25 Thread Olivier Nicole
Hi, 1) checking enable_quotas=YES in /etc/rc.conf 2) should I try to look in /etc/fstab? There is userquota and / or groupquota in line for some disk device in option field. That is enough. 1) will tell you that the system is quota capable 2) will tell you what file system is quota capabel

Re: Problem with cURL and pipes

2009-08-25 Thread chris
Never mind, cURL bug. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Problem mounting EXT2FS

2009-08-25 Thread Jeronimo Calvo
hi Mark! Im using FreeBSD 7.2-RELEASE... but im not sure about the userland, is currently fresh installed, just compiled the KERNEL to add ext2fs support and installed the patch for the 256-inode... nothing else... But I will take your advise and upgrade my kernel to STABLE (as I think it will be

Re: Problem mounting EXT2FS

2009-08-25 Thread Mark Stapper
Jeronimo Calvo wrote: hi Mark! Im using FreeBSD 7.2-RELEASE... but im not sure about the userland, is currently fresh installed, just compiled the KERNEL to add ext2fs support and installed the patch for the 256-inode... nothing else... But I will take your advise and upgrade my kernel to

Re: Problem mounting EXT2FS

2009-08-25 Thread Jeronimo Calvo
I have as well this in the other hand: heheheh, THE BIBLE! [image: 51dtdR9r6RL._SL500_AA240_.jpg] 2009/8/25 Mark Stapper st...@mapper.nl Jeronimo Calvo wrote: hi Mark! Im using FreeBSD 7.2-RELEASE... but im not sure about the userland, is currently fresh installed, just compiled the

Re: what www perl script is running?

2009-08-25 Thread Bill Moran
In response to Colin Brace c...@lim.nl: Olivier Nicole wrote: Am I correct in assuming that my system has been hacked and I am running an IRC server or something? IRC client at least. And yes, I would think that your system has been compromised. Thanks Olivier. I am

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and actually _fix_ the problem. In reality, good security practice says that you should have IPFW (or some other firewall) running and

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Bill, one more thing: Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and actually _fix_ the problem. Mike Bristow above wrote: The script is talking to 94.102.51.57 on port 7000. OK, so

Re: what www perl script is running?

2009-08-25 Thread Ruben de Groot
On Tue, Aug 25, 2009 at 06:16:49AM -0700, Colin Brace typed: Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and actually _fix_ the problem. In reality, good security practice

Re: what www perl script is running?

2009-08-25 Thread Ruben de Groot
On Tue, Aug 25, 2009 at 06:30:17AM -0700, Colin Brace typed: Bill, one more thing: Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and actually _fix_ the problem. Mike Bristow

Re: what www perl script is running?

2009-08-25 Thread Paul Schmehl
--On Tuesday, August 25, 2009 07:26:04 -0500 Bill Moran wmo...@potentialtech.com wrote: I am currently killing the process with the following bash command while I decide what to do next: $ while x=1 ; do sudo killall -9 perl5.8.9 echo killed... ; sleep 15; done You can add an ipfw rule to

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Ruben de Groot wrote: Which is exactly what the rogue perl script was using to connect to it's home. Once established this connection could have been used for allmost anything, including downloading other malicious software or setting up a tunnel into your LAN. Well, the box (also)

Re: what www perl script is running?

2009-08-25 Thread Paul Schmehl
--On Tuesday, August 25, 2009 04:41:33 -0500 Ruben de Groot mai...@bzerk.org wrote: On Tue, Aug 25, 2009 at 10:19:37AM +0100, Mike Bristow typed: On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote: Ok, here is what lsof tells me: $ sudo lsof | grep perl perl5.8.9 4272 www

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
Ruben de Groot wrote: Try a find through the entire filesystem for files owned by this user that you can't account for. Also check your cron and at files under /var/cron and /var/at I found the cronjob which keeps restarting the script: [r...@venus /var/cron/tabs]# ls -l total 12

Re: what www perl script is running?

2009-08-25 Thread Paul Schmehl
--On Tuesday, August 25, 2009 05:46:43 -0500 Colin Brace c...@lim.nl wrote: Olivier Nicole wrote: Am I correct in assuming that my system has been hacked and I am running an IRC server or something? IRC client at least. And yes, I would think that your system has been compromised.

Re: Continuous backup of critical system files

2009-08-25 Thread Modulok
I'm setting up a firewall using FreeBSD 7.2 and thought that it may not be a bad idea to have a continuous backup for important files like pf and dnsmasq configurations. By continuous I mean some script that would be triggered every few minutes from cron to automatically create a backup of

Re: what www perl script is running?

2009-08-25 Thread Paul Schmehl
--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote: Bill, one more thing: Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and actually _fix_ the problem. Mike

Re: hard disk failure - now what?

2009-08-25 Thread Jerry McAllister
On Mon, Aug 24, 2009 at 10:26:11PM +0200, Polytropon wrote: On Mon, 24 Aug 2009 12:29:19 -0600, Kelly Martin kellymar...@gmail.com wrote: My question: what kind of checks and/or repair tools should I run on the damaged drive after it's mounted? Or should I mount it as read-only and start

Re: what www perl script is running?

2009-08-25 Thread Bill Moran
In response to Paul Schmehl pschmehl_li...@tx.rr.com: --On Tuesday, August 25, 2009 07:26:04 -0500 Bill Moran wmo...@potentialtech.com wrote: I am currently killing the process with the following bash command while I decide what to do next: $ while x=1 ; do sudo killall -9 perl5.8.9

Re: hard disk failure - now what?

2009-08-25 Thread Lowell Gilbert
per...@pluto.rain.com writes: Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote: Kelly Martin kellymar...@gmail.com writes: I just experienced a hard drive failure on one of my FreeBSD 7.2 production servers with no backup! ... First, try copying the entire disk, *without*

Re: antivirus gateway

2009-08-25 Thread Chris
On Aug 23, 2009, at 1:47 PM, Yavuz Ma┼člak wrote: Hello I wish to use freebsd7.2 as an antivirus gateway. is there any document about that? Could you give an advice ? snort_inline with if_bridge provides a bit of this functionality. You drop all incoming off at a socket which you have

Re: what www perl script is running?

2009-08-25 Thread Bill Moran
In response to Paul Schmehl pschmehl_li...@tx.rr.com: --On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote: Bill Moran wrote: You can add an ipfw rule to prevent the script from calling home, which will effectively render it neutered until you can track down and

Re: what www perl script is running?

2009-08-25 Thread Adam Vande More
On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.comwrote: In response to Paul Schmehl pschmehl_li...@tx.rr.com: --On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote: Bill Moran wrote: You can add an ipfw rule to prevent the script from

Re: what www perl script is running?

2009-08-25 Thread Bill Moran
In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.comwrote: In response to Paul Schmehl pschmehl_li...@tx.rr.com: --On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote: Bill Moran wrote:

ppp problem over bluetooth

2009-08-25 Thread coool v
hello i am on freesd 6 , i am trying to connect to internet using my nokia phone. so far i got paired it with my pc and able to dialup to my isp, problem is i get connected for sometime and gets disconnected. i cant browse, only one dsn server gets assigned in resolv.conf, infact there must be

Re: hard disk failure - now what?

2009-08-25 Thread Polytropon
On Tue, 25 Aug 2009 11:04:38 -0400, Jerry McAllister jerr...@msu.edu wrote: dd will barf on bad bits too. You can tinker to make it skip over the bad block, but it won't read it. As it has been suggested, there are interesting tools in the ports collection. I'll post my famous list again.

IBM Stinkpad and Wifi

2009-08-25 Thread herbert langhans
Hi Daemons, I have some troubles to get connected to an open Wifi-Net. Its an older IBM Stinkpad 600 and I bought a new PCMCIA-card for it. Chipset of the card is from Atheros, this is recommended by the FreeBSD Handbook. I boot the Laptop, the drivers seem to be compiled in the generic Kernel.

Re: Problem mounting EXT2FS

2009-08-25 Thread Polytropon
On Tue, 25 Aug 2009 13:33:59 +0200, Mark Stapper st...@mapper.nl wrote: Don't forget to reapply the ext2 patch... ;-) And of course keep in mind that kernel and world (userland) have to be of the same version, e. g. if you upgrade your sources to 7-STABLE, recompile kernel and world and install

Re: what www perl script is running?

2009-08-25 Thread CyberLeo Kitsana
Colin Brace wrote: Ruben de Groot wrote: Try a find through the entire filesystem for files owned by this user that you can't account for. Also check your cron and at files under /var/cron and /var/at I found the cronjob which keeps restarting the script: [r...@venus

Re: what www perl script is running?

2009-08-25 Thread Adam Vande More
On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.comwrote: In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com wrote: In response to Paul Schmehl pschmehl_li...@tx.rr.com: --On Tuesday,

Re: netbooks for freebsd?

2009-08-25 Thread Peter Harrison
Monday, 24 August 2009 at 5:45:20 -0700, Jeff Hamann said: thanks. i've looked at both an acer and lenovo models and like the lenovo model better. I like my s10e too - but remember I don't have native wireless, I'm using ndis. There are also some acpi glitches which the currently

Re: what www perl script is running?

2009-08-25 Thread Bill Moran
In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.comwrote: In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com wrote: In response to

Re: what www perl script is running?

2009-08-25 Thread Adam Vande More
On Tue, Aug 25, 2009 at 2:43 PM, Bill Moran wmo...@potentialtech.comwrote: In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.com wrote: In response to Adam Vande More amvandem...@gmail.com: On Tue, Aug 25, 2009

Re: what www perl script is running?

2009-08-25 Thread Colin Brace
CyberLeo Kitsana wrote: Are these files available in a tarball someplace public, for those of us who enjoy performing autopsies on virii? Sure thing: http://silenceisdefeat.com/~cbrace/www_badstuff.gz this tarball contains tmpfile which is the misbehaving script as well as the contents of

Re: what www perl script is running?

2009-08-25 Thread Steve Bertrand
Adam Vande More wrote: [ huge, huge snip ] You said block by destination port. What you presented is not this, although it gives give a functional environment of it. Sorry for the pedantic pursuit here, but IMO terminology is important here. I've read this thread on a 'best-effort' basis

src.conf and cleaning up of base?

2009-08-25 Thread Henrik Hudson
Hello List, I enabled a few WITHOUT_ options in src.conf. However, the binaries for that still exists after a installworld. Is there an automatic way to clean up the base install? For example, I did a minimal install of 8.0-BETA2, csup'ed down -CURRENT and set WITHOUT_RCMDS in src.conf .

Re: what www perl script is running?

2009-08-25 Thread Olivier Nicole
Colin, Be aware that what you listed below is what additional scripts the hacker installed on your server after he broke in. This does not tell you hwo the hacker broke in. So your server is still subject to compromission. Bests, olivier Try a find through the entire filesystem for files

Re: src.conf and cleaning up of base?

2009-08-25 Thread b. f.
I enabled a few WITHOUT_ options in src.conf. However, the binaries for that still exists after a installworld. Is there an automatic way to clean up the base install? Yes and no. These files are supposed to be removed by running: make delete-old make delete-old-libs (see /usr/src/UPDATING).

howto alias a stty erase?

2009-08-25 Thread Gary Kline
is there a way of setty'ing stty erase to [backspace key? pretty sure that is the delete key. i'm tired of having to hand set it every time when i use the Konsole term. thanks, gary -- Gary Kline kl...@thought.org http://www.thought.org Public

Re: howto alias a stty erase?

2009-08-25 Thread Scott Schappell
If you use sh or bash, you can add to .profile or .bash_profile: stty erase ^h That should do it. Type the caret (^) and (h). On Aug 25, 2009, at 6:30 PM, Gary Kline wrote: is there a way of setty'ing stty erase to [backspace key? pretty sure that is the delete key. i'm

Trying to make a mirror for a disconnected lab

2009-08-25 Thread Duncan Hutty
I'm planning to build a lab of perhaps 15 freebsd machines. Not only do I want to be a good sysadmin and only download what I need, but another issue is that these machines will live on a network that will not have a reliable connection to the internet. Therefore I want to build a mirror of

nxclient connection failure

2009-08-25 Thread Sandeep Gupta
Hi all, Not sure if this is the correct forum. If so, kindly point to appropriate mailing list. Connecting from nxclient on freeBSD to nxserver on RHEL fails with following errors: Info: Proxy running in client mode with pid '1330'. Session: Starting session at 'Tue Aug 25 20:42:56 2009'.

Re: hard disk failure - now what?

2009-08-25 Thread Kelly Martin
First, thanks to everyone for the really great replies. Many suggestions were quite helpful and have kept me on track. I'll quote a couple of people and then add some comments below. On Mon, Aug 24, 2009 at 4:32 PM, Roland Smithrsm...@xs4all.nl wrote: It _could_ just be a bad or improperly