Re: Commands failing silently?




Bill Campbell wrote:
On Mon, Mar 24, 2008, Dan Bongert wrote:
Hello all:

I have a couple CentOS 4 servers (all up-to-date) that are having strange command failures. I first noticed this with a perl script that uses lots of system calls.

Basically, sometimes a command just won't run:

thoth(52) /tmp> ls

...
thoth(66) /tmp> uname -a
Linux thoth.ssc.wisc.edu 2.6.9-67.0.7.ELsmp #1 SMP Sat Mar 15 06:54:55 EDT 2008 i686 i686 i386 GNU/Linux

Nothing in either dmesg or /var/log/messages seems to indicate any problems. It also doesn't seem to matter what the command is -- ls is the quickest test, but sshd will sometimes fail to spawn children, etc. There aren't a large number of processes on the machine either -- only 122 at the moment.

There is a very good chance that the machine has been cracked,
and the system's /bin/ls routine replaced by one hacked to hide
the cracker's programs.  ``rpm -V coreutils procps util-linux''
may well show several critical programs changed.

Everything seems OK there:


thoth(96) /tmp> sudo rpm -V coreutils procps util-linux

You can also try running ``strace /bin/ls'' to see what is going on.

Funnily enough, running strace will work just fine. Though, as I said, just
about any command will fail -- 'ls' was just for testing purposes.

Bill
--
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

When I hear a man applauded by the mob I always feel a pang of pity
for him.  All he has to do to be hissed is to live long enough.
    -- H.L. Mencken, Minority Report
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

--
Dan Bongert                     dbongert@xxxxxxxx
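
The `rpm -V` check suggested above prints nothing when every packaged file matches the RPM database, which is the result shown in the reply. As an added example (not written by either poster), this shell script triages the lines `rpm -V` prints when something does differ; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output. All sample lines below are constructed.
# rpm -V compares files against the local RPM database, so a clean result is
# only as trustworthy as that database and the rpm binary that reads it.

# classify_line LINE: print one verdict word for a single line of rpm -V output.
classify_line() {
    set -f                          # no glob expansion while word-splitting
    set -- $1
    set +f
    flags=${1:-} attr=
    case ${2:-} in
        c|d|g|l|r) attr=$2 ;;       # marker: config, doc, ghost, license, readme
    esac
    case $flags in
        missing) echo MISSING ;;
        *\?*)    echo UNVERIFIABLE ;;   # a test could not be performed
        *5*)     # digest differs from the packaged file
                 if [ "$attr" = c ]; then echo CONFIG_EDITED
                 else echo CONTENT_CHANGED; fi ;;
        *)       echo METADATA_ONLY ;;  # size/mode/owner/mtime, digest intact
    esac
}

# triage: read rpm -V output on stdin, print a verdict per line, and return
# non-zero when any file is missing or a non-config file has a changed digest.
triage() {
    suspicious=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_line "$line")
        printf '%-16s %s\n' "$verdict" "$line"
        case $verdict in
            CONTENT_CHANGED|MISSING) suspicious=$((suspicious + 1)) ;;
        esac
    done
    [ "$suspicious" -eq 0 ]
}

# Constructed sample: one edited config file and one altered binary.
sample='S.5....T c /etc/ssh/sshd_config
S.5....T   /bin/ls'
printf '%s\n' "$sample" | triage || echo "investigate: packaged files differ from the RPM database"
```

On a real host the input would be `rpm -V coreutils procps util-linux | triage`; empty input, as in this thread, returns success.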

