[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Hacked RaQ3 won't let root do things (Permission denied)
- Subject: [cobalt-users] Hacked RaQ3 won't let root do things (Permission denied)
- From: Daniel Foster <daniel@xxxxxxxx>
- Date: Tue Feb 20 11:11:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I have a RaQ3 that's been hacked, but I thought I sorted that out.
chkrootkit says there are no vulnerabilites left.
The problem is this: About half an hour after the server is rebooted,
errors start to happen. Web pages don't display (admserv or normal), and
logged in as root, trying to do things at the command line gives lots of
'Permission denied' errors. eg.
[blah]# ls -l
ls: filename: Permission denied
ls: othefile: Permission denied
So I thought I'd do a ps and see if anything nasty was running.
[blah]# ps
Error: /proc must be mounted
To mount /proc at bott you need an /etc/fstab line like:
/proc /proc proc defaults
In the meantime, mount /proc /proc -t proc
Now proc is there, an ls will show it, but an ls -l give the same errors as
above.
For some things, I get a 'Cannot allocate memory' error. Am I just out of
memory?
An ls -l of /bin (or sbin, /usr/sbin and /usr/bin) do the same, and
consequently I can't run any of the programs therein, so I'm a bit stuck as
to things to do, short of rebooting the server again. Half an hour later
and we're back to step 1.
I'm pretty much out of ideas, and in urgent need of help. Can anyone shed
any light?
Cc:ing replies to d.foster@xxxxxxxxxxxx would be greatly appreciated, since
the 34sp.com mail goes through this address too. :-(
--
Daniel Foster - daniel@xxxxxxxx