l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Page last updated:
2010 Oct 24 12:50

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


Re: [vox-tech] find not found



On 10/23/2010 05:26 PM, Bill Broadley wrote:
> ...
> First, backup anything important.
> 
> It could of course be a strange typo while root, but I would also be
> suspicious of a disk error.  Any hints from dmesg?  Maybe a hdparm -long
> test would be indicated.
> 
> Another possibility is a hacked machine where they replace ps/find/ls
> and friends to hide... although to be honest seems like 99% of such
> attacks these days attack the kernel and hide that way.
> 
> The only way to be completely sure is install from trusted media, but
> you could:
> * boot from trusted media, figure out where all your disk space is
>   being used.  Maybe run a rootkit detector or two (but in my
>   experience they are useless).
> * Nmap from a remote machine, make sure only the ports you expect
>   are open.
> * Make sure you are patched of course
> * monitor network traffic upstream (from a different machine/fw).. even
>   just monitoring your uplink light.

Well, current dmesg does include this:

[    1.942506] EXT4-fs (sda1): INFO: recovery required on readonly filesystem
[    1.942509] EXT4-fs (sda1): write access will be enabled during recovery
...
[    3.570223] EXT4-fs (sda1): orphan cleanup on readonly fs
[    3.570235] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 394234
...
[    3.584069] EXT4-fs (sda1): ext4_orphan_cleanup: deleting unreferenced inode 391083
[    3.584077] EXT4-fs (sda1): 18 orphan inodes deleted
[    3.584079] EXT4-fs (sda1): recovery complete
[    4.307438] EXT4-fs (sda1): mounted filesystem with ordered data mode

This goes with the reboot that I did after findutils was reinstalled and
a system upgrade via synaptic was done.  /var/log/syslog from yesterday's
reboot did not show anything like that, however I do remember that reboot
showing the BIOS startup screen a second time, which struck me as being
weird at the time.

So, maybe something is going on with the hard drive.  But I didn't see
anything in "man hdparm" about doing a suitable test.  Guess I'll do
something with fsck later tonight.  By the way nightly backups are routine
here.

Thanks.

Rod
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
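
Added example (not part of the original post or the list's own code): one way to check for missing or replaced ps/find/ls after booting from trusted media is to compare files under the mounted disk against a dpkg-style md5sums manifest ("<md5>  <relative path>" per line). It assumes the manifest comes from a trusted package copy rather than from the suspect disk; the function names and sample files are constructed for illustration, and MD5 here only flags corruption or a crude swap.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg-style '<md5hex>  <relative/path>' lines into (digest, path) pairs."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        entries.append((digest.lower(), path.strip()))
    return entries

def file_md5(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_tree(root, md5sums_text):
    """Return {relative_path: 'OK' | 'MISSING' | 'MODIFIED'} for files under root."""
    results = {}
    for digest, rel in parse_md5sums(md5sums_text):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            results[rel] = "MISSING"      # e.g. the "find not found" case
        elif file_md5(full) != digest:
            results[rel] = "MODIFIED"     # disk corruption or a replaced binary
        else:
            results[rel] = "OK"
    return results

def demo():
    """Constructed sample: a fake root with one intact, one altered, one missing file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        good = b"constructed stand-in for ls\n"
        with open(os.path.join(root, "bin/ls"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(root, "bin/ps"), "wb") as fh:
            fh.write(b"altered contents\n")
        manifest = "\n".join([
            hashlib.md5(good).hexdigest() + "  bin/ls",
            hashlib.md5(b"original ps\n").hexdigest() + "  bin/ps",
            hashlib.md5(b"original find\n").hexdigest() + "  usr/bin/find",
        ])
        return verify_tree(root, manifest)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```
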


