At first I thought somebody had hacked my box. Files were not executing
properly by unprivileged users, /usr/local/ had nothing in it, and
libproc.so as well as dozens of other files (eg. ifconfig, netstat, df
etc) had the wrong file permissions. Console logins failed, and "exec
login"'s from a shell segfaulted; which was later fixed by reinstalling
util-linux-2.11f-9.rpm - which also fixed the console login problem.
SSH still worked however, and I usually su root so the console login &
file perms problem went undetected for a few days. My guess is SSH
invokes its own login, instead of using /bin/login via the gettys.
Anyway, Checking the syslogs for irregularities showed the usual
rpc.statd attacks which is normal on IRC ...
So either somebody hacked my box, back-doored a shitload of seemingly
important binaries, or trying DoS. I did some further superficial
checking with "last -n100" and 'who' and found no weird user patterns.
So hopefully I didn't get hacked.
I'm now left with a heavy motive for a UPS and tape backup solution or
freshmeat's mkcdrec/mondo or something. The real problem is however,
overcoming some of the weirdness of the aftermath of severe electrical
turbulence effecting my server. Here're some of them:
* Directories exists, but ls on them don't display files. You have to cd
to a directory first:
[root@f1 /]# command ls -al /usr/local/
[root@f1 /]# command cd /usr/local/
[root@f1 local]# command ls -al
total 52
drwxr-xr-x 14 root root 4096 Feb 8 03:30 .
drwxr-xr-x 18 root root 4096 Jan 12 03:40 ..
drwxr-xr-x 2 root root 4096 Feb 13 20:29 bin
drwxr-xr-x 2 root root 4096 Feb 7 1996 etc
drwxr-xr-x 2 root root 4096 Feb 7 1996 games
...
* files can stat, but ls -al don't display existing files:
[root@f1 /]# command ls -al /var/lib/slocate/
total 96
drwxr-xr-x 23 root root 4096 Dec 21 20:58 .
drwxr-xr-x 26 root root 4096 Feb 24 06:11 ..
...
drwxr-xr-x 2 rpm rpm 4096 Feb 24 04:02 rpm
drwxr-xr-x 66 root root 4096 Dec 22 06:28 scrollkeeper
<!-- no slocate directory shown -->
drwxrwxrwt 2 root root 4096 Dec 22 07:06 texmf
...
[root@f1 /]# command cd /var/lib/slocate/
[root@f1 slocate]# command ls -al
total 8
drwxr-x--- 2 root slocate 4096 Feb 20 04:07 .
drwxr-xr-x 23 root root 4096 Dec 21 20:58 ..
[root@f1 06:51:37 slocate]#
<!-- huh ? "total 8", where ? -->
[root@f1 slocate]# command stat slocate.db
File: "slocate.db"
Size: 2128829 Blocks: 4168 IO Block: 4096 Regular File
Device: 303h/771d Inode: 1406996 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 21/ slocate)
Access: Sat Feb 23 20:13:27 2002
Modify: Wed Feb 20 04:07:35 2002
Change: Wed Feb 20 04:07:35 2002
[root@f1 slocate]#
These sorts of problems afaik thus far, are affecting my cron jobs eg.
jobs like updatedb don't work because it can't find the destination
file.
Evidently I have filesystem corruption problems. I believe they're more
accurately inode problems. Is there a magic calibration or fsck solution
to all of this ? perhaps relinking/refreshing/reinitialising inodes to
existing files and writing them out on the filesystem if somebody gets
my drift ?
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
