Prev: Using Arial Narrow in OpenOffice.org
Next: Winsonic Motherboards
From: =?utf-8?Q?Fran=C3=A7ois?= TOURDE on 21 Jul 2010 18:00
Le 14811ième jour après Epoch,
Sergey Spiridonov écrivait:

> Hi
>
> On 07/21/2010 03:40 PM, Jochen Schulz wrote:
>
>> One possible reason: your memory is corrupt. Run memtest86 to check
>> that.
>
> I think memory is not the reason, because some time ago I get broken
> /etc/shells file also on another machine, which is running Lenny.

If you are so confident, why asking here?

1) Try memtest, it's a good idea.

2) Unplug you box from the net, to avoid more corruption

3) Check the syslog about disk errors

4) Check colocs/friends/family for any acces to your box

5) Tell us more about software installed, especially non Debian packaged
software.

6) If you are creationist, ask God ;)


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/87vd88qz9i.fsf(a)fermat.tourde.home
From: Sergey Spiridonov on 23 Jul 2010 04:10
Hi

On 07/21/2010 06:45 PM, Chris Davies wrote:

> For breakage of something as significant as /etc/shells, I'd prioritise
> investigations in that order. Memtest86+ is a no-brainer, so let it
> test your machine. Are you using a kernel that's got known issues with
> whatever filesystem you are using for /etc? (Have you looked?)

I will do checks today just need to buy cdrom first. I will report
memtest86+, fsck and chkrootkit results this evening. Kernel is current
squeeze kernel. Filesystem is ext3. AFAIK ext3 is quite stabe now.

Today i found addidtionaly hidden files in /etc

..passwd.swn and similar .p.*

file tells that they are vim swap files, but inside they also contain
keyboard logs (among other data).

> What was the outcome of your investigation into the previous situation?

The prevoius situation happens on the providers virtual hosting, so I
can not do a lot. Perfromed nmap from outside, chkrootkit from inside
with no results.

--
Sergey


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/52vnh7-83o.ln1(a)legba.gamic.com
From: Sergey Spiridonov on 23 Jul 2010 05:10
Hi

On 07/21/2010 11:51 PM, François TOURDE wrote:

>> I think memory is not the reason, because some time ago I get broken
>> /etc/shells file also on another machine, which is running Lenny.
>
> If you are so confident, why asking here?

I am not confident and I will do this tests (just need to buy cdrom
first), just expressed my opinion on this. I found also yesterday swp
files with keyboard logs (see my other mail).

> 1) Try memtest, it's a good idea.

Will do this evening.

> 2) Unplug you box from the net, to avoid more corruption

Done.

> 3) Check the syslog about disk errors

There are no.

> 4) Check colocs/friends/family for any acces to your box

Done.

> 5) Tell us more about software installed, especially non Debian packaged
> software.

Since i upgraded to squid I did not install something special. Before,
in lenny i did compile, packaged and installed several packages like
openttd with highres graphics patch, mozilla and its dependencies from
testing, also adobe flash from debian-non free and nvidia from debian
non-free are installed. That is all I remember right now.

> 6) If you are creationist, ask God ;)

Will try, good idea :)
--
Sergey


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/duvnh7-t3o.ln1(a)legba.gamic.com
From: Sergey Spiridonov on 25 Jul 2010 14:00
Hi

I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
knoppix to mount and check my partitions with fsck and chkrootkit,
bevause latest knoppix (6.2.1) for whatever reason does not include
cryptsetup. :(

--
Best regards, Sergey Spiridonov


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/i2htm6$4rd$1(a)dough.gmane.org
From: Jordon Bedwell on 25 Jul 2010 18:40
On 7/25/10 12:52 PM, Sergey Spiridonov wrote:
> Hi
>
> I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
> knoppix to mount and check my partitions with fsck and chkrootkit,
> bevause latest knoppix (6.2.1) for whatever reason does not include
> cryptsetup. :(
>

You can however use the Ubuntu live CD (or preferably liveUSB ~ since
you can install a few necessary packages you might want) to do that.
Knoppix is just godly because it includes a lot of tools that you will
want to repair your system, but you can of course, build the same thing
using any liveCD if you so choose.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4C4CBB15.5000400(a)envygeeks.com
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: Using Arial Narrow in OpenOffice.org
Next: Winsonic Motherboards