[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] / is getting full
- Subject: Re: [cobalt-users] / is getting full
- From: "Rishi Gangoly" <usergroups@xxxxxxxxxxxxxxxxxxx>
- Date: Sat Jan 11 08:09:11 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Bruce Timberlake" <bruce@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, January 10, 2003 3:53 PM
Subject: Re: [cobalt-users] / is getting full
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > I got a message that / is getting full.
> >
> > I think I've got hacked. Any ideas on what I could do on a temp
> > basis to get out of this emergency.
>
> Find out where your space is going...
>
> shell in as root and do
>
> cd /
> du -ch --max-depth=3 .
>
> Also, have you installed any software like MySQL etc recently? If
> it's not installed under /home, it will start filling / pretty
> quickly...
>
> > I guess I would have to re-install the RaQ4 from scratch.
>
> Last resort, IF you determine you've been hacked...
>
> - --
> Bruce Timberlake
I know I've got hacked. Apparently the hacker has installed some root kits.
I have around 50 virtual sites configured on it using a mix of mail, ftp and
web services.
Can you tell me what configuration files are needed to be backed up so
that I can format, re-install and restore the data to system so that I have
the least amount of downtime?
Here is what I thought is needed
/etc/passwd
/etc/group
/etc/shadow
/etc/named.conf
/etc/named
/etc/mail
/etc/httpd
/home
/var
/usr/local/majordomo
Regards