Re: [cobalt-users] Lost web interface w/ raq4
- Subject: Re: [cobalt-users] Lost web interface w/ raq4
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Wed Jun 5 09:50:00 2002
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Jim Dory wrote:
> I'm a complete novice to linux and Cobalts.
We'll save this for later <smile>...
> I can not log onto my Raq4r with the web browser anymore.
> I have a Watchguard firewall and two raqs, one on DMZ which I can access
> via the web interface and one on trusted eth of firewall that I cannot.
Do you have a hole in the firewall for port 81?
> I can log on via telnet (from same network).
I sure hope you mean ssh; telnet is a very dangerous way to log into a
RaQ, or in fact any server, as it passes passwords in open text.
> I restarted and got this (dmesg):
>
> Linux version 2.2.16C32_III (root@xxxxxxxxxxxxxx) (gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)) #1 Fri Nov 9 21:54:54 PST 2001
> <snip>
> Receiver lock-up workaround activated.
> eth1: Invalid EEPROM checksum 0x5c2c, check settings before activating this device!
It looks like you've added a NIC card, and that it's bad. You might try
rebooting the RaQ without that card to see if it resolves anything.
> when I do a httpd restart I get error messages of the srm.conf file
> about syntax errors or module not loaded for line #xx regarding: UserDir
> and when I comment that out and try again it keeps on going down the
> list with other errors. I've never edited that file.
Often errors are on a line above the reported location; you might look
there.
Have you compared srm.conf with srm.conf.master to see if it's been
changed?
Have you installed and run chkrootkit to see if your RaQ may have been
hacked?
> I do have webmin running fine,
Now we'll come back to that line about being a complete novice.
Have you used webmin to do anything? Many of the things you can do with
webmin will cause conflicts with how the RaQ works.
> I got some mail when I logged on via telnet stating that (on Sunday)
> the root partition was full and then immediately following that a mail
> message stating that the web server is down and not responding, try
> rebooting or call Support, etc. The reason the root partition was full
> is because I tried creating a directory per samba instructions in that
> partition and filled it up. I've since moved that directory out of the
> root partition and into the home partition where it belongs, leaving the
> root partition at 76% full. I don't work on the weekends so not sure
> what prompted this Sunday mail.
Possibly someone else logging in as root? Have you run chkrootkit?
There are other things which could cause a root partition to fill up,
though. Have you ever put anything else in the root directory?
Possibly something you did using webmin did?
> So can someone help me troubleshoot this thing? I would greatly
> appreciate it.
> I don't recall doing anything in particular that would mess things up,
> but maybe I did.
You may have, or it may have been hacked. First start by removing that
extra NIC card, then by installing and running chkrootkit
(http://www.chkrootkit.org/), then by comparing srm.conf with
srm.conf.master, etc.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484
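
Added example (not part of the original message, and not Cobalt's own tooling): one way to carry out the srm.conf versus srm.conf.master comparison suggested above, reporting only the directives that differ and ignoring comments, blank lines and spacing. The function names, the paths passed as arguments, and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: show which directives differ between a live Apache-style
# config and its pristine master copy. Paths are supplied by the caller.

# normalize FILE: drop comment and blank lines, trim, collapse whitespace, sort.
normalize() {
    sed -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

# conf_drift LIVE MASTER: print ADDED/REMOVED directives.
# Returns 0 if equivalent, 1 if they differ, 2 on unreadable input.
conf_drift() {
    live=$1
    master=$2
    [ -r "$live" ] && [ -r "$master" ] || { echo "unreadable input" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    normalize "$live" > "$tmp/live"
    normalize "$master" > "$tmp/master"
    # comm needs sorted input: -13 keeps lines only in live, -23 only in master.
    LC_ALL=C comm -13 "$tmp/master" "$tmp/live" | sed 's/^/ADDED   /'
    LC_ALL=C comm -23 "$tmp/master" "$tmp/live" | sed 's/^/REMOVED /'
    if cmp -s "$tmp/live" "$tmp/master"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# demo: run conf_drift on constructed sample files (not the poster's configs).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# master copy' 'UserDir   web' \
        'DirectoryIndex index.html' > "$d/srm.conf.master"
    printf '%s\n' 'DirectoryIndex index.html' '#UserDir web' \
        'UserDir disabled' '' > "$d/srm.conf"
    status=0
    conf_drift "$d/srm.conf" "$d/srm.conf.master" || status=$?
    rm -rf "$d"
    return "$status"
}

# Run the demo only when asked: sh conf_drift.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Any ADDED or REMOVED line is a change someone or something made to the live file, which is the starting point for deciding whether it came from an admin tool or from an intruder.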