
Re: [cobalt-users] RaQ4r and NO RAID since Patch



At 8:40 -0500 11/30/2001, Gerald Waugh was thought to have said :

 > Shouldn't the Cobalt special sauce be taking care of starting the mirror process after a failed disk is replaced?  Could anyone from Sun verify why this wouldn't happen?

Yes, but I don't think it's special sauce that does it. It's a feature of Raid 1. It is going to sync the drives. In the original message, someone wanted to know how to fix his Raid1 which broke when a RaQ4i update was applied to a RaQ4r.


Thanks for the info. As it turns out the problem is not the software. The RaQ4r we have been renting has turned out to be a RaQ4i. This should have been apparent to me right from the get go so I feel a little stupid only noticing it after 6-7 months of hosting with Datapipe.

But, before anyone says anything bad about Datapipe, they solved the issue within minutes of me complaining and all is fine with a more than adequate reason for the mix up and a more than adequate solution which makes us all happy.

One thing I would like to point out on the list though. When Datapipe was looking into the problem, they needed our root password. Well, this was the first time that we ever gave this out. Within a few minutes of Datapipe logging into our server through SSH as admin (same password, yes we have changed that now), some unknown user from some frightening IP address also logged into our server for 7 hours!!! I caught this while the unknown person was actually logged in. We immediately changed the passwords, got the guy off the server and spent several hours digging through logs, and checking everything that might point to a hacker having done something. We found absolutely nothing was changed or modified. I know we can never be sure, but nothing appears touched in any way. The only thing that was done while this person was on our server was that the FreeBSD Ports collection was uploaded to our server, uncompressed and one attempt was made at installing CVS. Oh, and 2 nslookups were done also. The guy did not cover these over. We have spoken to Datapipe and they assure us that they have no connection to the IP address in question and will monitor this situation to the best of their ability.

All that to say: when you give your password to any colocation facility for anything, 1 - you are taking your server out of secure mode in a bad way. 2 - Change your password immediately after any work is done, and if possible monitor the work being done while it is being done.

If anyone is interested in the IP address of the infiltrator or if you all think I should post it, let me know.

If anyone has any advice on things I should check that I might have missed, please let me know. We are still monitoring our server very carefully. How comfortable should we feel?

--
James Riordon
SysAdmin
http://www.amigo-3.com