[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] httpd not working on Raq4

Subject: RE: [cobalt-users] httpd not working on Raq4
From: "Roger Lewis" <re.lewis@xxxxxxxxx>
Date: Wed Jul 17 05:52:03 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Jeff,

I force installed all the rpms from RaQ4-All-Security-2.0.1-15417.pkg.

This includes:
rpm -i --force apache-1.3.20-RaQ4_1C3.i386.rpm
rpm -i --force apache-admsrv-1.3.20-RaQ4_1C3.i386.rpm
rpm -i --force apache-devel-1.3.20-RaQ4_1C3.i386.rpm
rpm -i --force apache-mod_perl-1.3.20-RaQ4_1C3.i386.rpm
rpm -i --force apache-openssl-1.3.20-RaQ4_1C3.i386.rpm

Maybe I should do it again?

Hacked?  Is there an easier way to find out.  I took a look at the
chkrootkit web site, and I think that's way beyond my capabilities.  The
subject of rootkits looks interesting though.

If I have to restore, what's a cmu save?

Roger

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeff Lasman
Sent: Tuesday, July 16, 2002 10:44 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] httpd not working on Raq4

Roger Lewis wrote:

> My co-locator, rackshack.net, says this resulted from my force install of
> the Cobalt Apache patch rpms on July 10.  It doesn't seem logical to me
> since everything has been working for 5 days.

What file(s) did you patch?  Just get them off a working RaQ4 (I can
supply them if necessary) and write them over yours.

You may have been hacked.  Have you run chkrootkit (see
"http://www.chkrootkit.org/";).

> Does anyone have any idea how to get this machine back up short of a
> restore.

If you've been hacked then the easiest/quickest way may be to restore,
but you can probably do a cmu save first, and save the resulting
directory structure in a tarball.

But I'd try restoring the files you patched first.

Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- Re: [cobalt-users] httpd not working on Raq4
  - From: Jeff Lasman

Prev by Date: [cobalt-users] cobalt-users digest, Vol 1 #4735 - 1 msgs
Next by Date: Re: [cobalt-users] cobalt-users digest, Vol 1 #4735 - 1 msgs
Previous by thread: RE: [cobalt-users] httpd not working on Raq4
Next by thread: Re: [cobalt-users] httpd not working on Raq4

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index