Problems galore- Cobalt- Rdht 6.2?

Subject: Problems galore- Cobalt- Rdht 6.2?
From: Jim Dory (jdory@gci.net)
Date: Fri Jun 07 2002 - 09:06:51 AKDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Jim Dory: "RE: Problems galore- Cobalt- Rdht 6.2?"
• Previous message: Christopher E. Brown: "Re: Off Topic: Need some HTML coding feedback"
• Next in thread: Jim Dory: "RE: Problems galore- Cobalt- Rdht 6.2?"

I've been looking for answers on the Cobalt users list but figured I
might have more direct help here. The problem may have begun when
creating a Samba share on a RaQ4 which uses I think Redhat 6.2 plus or
minus some Sun/Cobalt additions/deletions.

What I did was following a cookbook approach I created a share
/data/engineer which put it in the root partition. There's only root,
/home, and /var partitions. So when I started populating the share with
files it maxed out at 200 MBs. I thought this might be a Cobalt quota
limit or a Samba thing, so left it over the weekend. But in actuallity
it had completely maxed out the root partition so nothing else could be
written. Realizing my error I removed all the files and directory the
next Monday. But I think the damage was done.

Now I cannot change the password. I get a 'file locked' msg. So I
removed the etc/.pwd.lock file, I did a chattr -i /etc/passwd, and on
the group and shadow files. Looking on google I found those ideas. When
I do a lsattr passwd it returns all -------- and when I do a ls -l
passwd it returns -rw-r--r--.

On a scary note, I took a look in the shadow file and most looks normal
except for one user whose password is there in plain text.

Other problems may be Cobalt gui related. Under the Cobalt gui, it
reports that the webserver is down. When I try to restart it, I get a
[Syntax error on line 7 of /etc/httpd/conf/httpd.conf:
Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a
module not included in the server configuration /usr/sbin/httpd]

Yesterday I was getting a UserDir syntax error, but right now I'm
drawing a blank if it was restarting httpd or something else.

Investigating whether I got hacked as well, I installed and ran
chkrootkit. The first time I ran it, it reported a possible LKM worm.
But each subsequent running shows negative on all accounts. I guess I
need to read up on comparing signatures with trusted files, what is it
MD5 or something? I tried installing Kstat but it chocked on the
./configure. ERROR 1.

At this point I don't have a whole lot invested in the system and could
spend a day or so restoring it, but don't really want to do that. (No
user data or anything on it.) (Someone who knows what they're doing
could do it a whole lot quicker, I'm sure.)

I might add that I'm a novice on all this.

So my immediate desire is to get my passwords working again so I can at
least change it,
then find out if hacked,
then get the web server running (if not hacked)

Any advice?

Cheers, Jim

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Jim Dory: "RE: Problems galore- Cobalt- Rdht 6.2?"
• Previous message: Christopher E. Brown: "Re: Off Topic: Need some HTML coding feedback"
• Next in thread: Jim Dory: "RE: Problems galore- Cobalt- Rdht 6.2?"

This archive was generated by hypermail 2a23 : Fri Jun 07 2002 - 10:05:45 AKDT