[UFO Chicago] Sad crashing of Linux server

Jesse Becker jesse_becker@yahoo.com
Fri, 2 Aug 2002 19:36:03 -0700 (PDT)


--- Ian Bicking <ianb@colorstudy.com> wrote:
> ordinary.  The one really odd thing is I can't ssh in with normal
> user accounts, only with root... hmmm... but I can telnet in.  It
> gives me the message "System bootup in progress - please wait",
> before it even gets to the password prompt... hmmm... and then I
> delete /etc/nologin and it works.  Okay, so that wasn't anything...

That *is* odd.  If you can telnet in via root, try running
strace on the various processes that allow connections:
telnet, ssh, pop, etc.  See if you can figure out where
they fail.

Also, back on the tripwire/hacking thing:  is there some
way you could generate known good checksums (MD5 and
similar), and compare them against what you have now?

One of the neatest things that Sun has done is create a
database of all their "official" checksums, and make it
publicly available.  You can query any file that ships as
a stock part of Solaris. 
http://sunsolve.Sun.COM/pub-cgi/fileFingerprints.pl

> it (if they were stealthy they wouldn't shut down my services -- if
> they weren't stealthy, I'd notice something odd about the system).

If they are clever, they'll confuse you. ;-)

--Jesse
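
The checksum comparison suggested in the message above, as an added example that is not part of the original post: it hashes a known-good tree and the tree under suspicion, then reports what was modified, removed or added. The function names, the SHA-256 default and the sample files are assumptions made for illustration.

```python
import hashlib, os, tempfile

def hash_file(path, algo="sha256"):
    """Digest a file in chunks so large binaries do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, algo="sha256"):
    """Map relative path -> digest for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record the target: a redirected symlink is a change too.
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = hash_file(full, algo)
    return manifest

def compare(known_good, current):
    """Report paths that differ from, are absent from, or are new to the baseline."""
    return {
        "modified": sorted(p for p in known_good
                           if p in current and current[p] != known_good[p]),
        "missing": sorted(set(known_good) - set(current)),
        "added": sorted(set(current) - set(known_good)),
    }

def demo():
    """Constructed sample: a pristine tree and a copy with three changes."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as live:
        for root in (good, live):
            os.mkdir(os.path.join(root, "bin"))
            for name, data in (("ls", b"ls-v1"), ("ps", b"ps-v1"), ("login", b"login-v1")):
                with open(os.path.join(root, "bin", name), "wb") as f:
                    f.write(data)
        with open(os.path.join(live, "bin", "ps"), "wb") as f:
            f.write(b"ps-replaced")                    # modified binary
        os.remove(os.path.join(live, "bin", "login"))  # deleted file
        with open(os.path.join(live, "bin", ".hidden"), "wb") as f:
            f.write(b"x")                              # not in the baseline
        return compare(build_manifest(good), build_manifest(live))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as its inputs: take the baseline from a clean install or the original packages, and hash the suspect disk from a trusted boot environment rather than with the tools on the system being checked.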
