Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote:
Kelly Martin kellymar...@gmail.com writes:
I just experienced a hard drive failure on one of my
FreeBSD 7.2 production servers with no backup!
...
First, try copying the entire disk, *without* mounting it.
Yep.
Use dd(1) to get
Ok, here is what lsof tells me:
$ sudo lsof | grep perl
perl5.8.9 4272 www cwd VDIR 0,76512 2 /
perl5.8.9 4272 www rtd VDIR 0,76512 2 /
perl5.8.9 4272 www txt VREG 0,82 4428 3015044
/usr/local/bin/perl
perl5.8.9
On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote:
Ok, here is what lsof tells me:
$ sudo lsof | grep perl
perl5.8.9 4272 www 3u IPv4 0xc33cf000 0t0 TCP
gw:51295-94.102.51.57:afs3-fileserver (ESTABLISHED)
The last line would appear to be telling me
Hello,
We have an HP Proliant DL380G5 with 4GB of RAM and FreeBSD 7.0 which
runs PostgreSQL 8.3 for more than a year now. No problems, except that
two days ago I noticed those messages in my kernel logs :
Approaching the limit on PV entries, consider increasing either the
vm.pmap.shpgperproc or
On Tue, Aug 25, 2009 at 10:19:37AM +0100, Mike Bristow typed:
On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote:
Ok, here is what lsof tells me:
$ sudo lsof | grep perl
perl5.8.9 4272 www 3u IPv4 0xc33cf000 0t0 TCP
gw:51295-94.102.51.57:afs3-fileserver
Jeronimo Calvo wrote:
Hi folks, im migrating from Linux to BSD, and i found my first problem...
First of all, i did save my /home from my old Linux distribution on another
HD, ext2fs partition /dev/ad6s1... I can correctly see the drive from
sysinstall.
I read about compiling the KERNEL in
Mike Bristow wrote:
On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote:
Ok, here is what lsof tells me:
$ sudo lsof | grep perl
perl5.8.9 4272 www 3u IPv4 0xc33cf000 0t0 TCP
gw:51295-94.102.51.57:afs3-fileserver (ESTABLISHED)
The last line would be
Actually, im just compile it and restart it... seems to be working fine
now...
By the way... who do i do that?? is that necessary?
cheers!
2009/8/25 Mark Stapper st...@mapper.nl
Jeronimo Calvo wrote:
Hi folks, im migrating from Linux to BSD, and i found my first problem...
First of all, i
Hi Colin,
Am I correct in assuming that my system has been hacked and I am running an
IRC server or something?
IRC client at least. And yes, I would think that your system has been
compromised.
Good luck,
Olivier
Olivier Nicole wrote:
Am I correct in assuming that my system has been hacked and I am running
an
IRC server or something?
IRC client at least. And yes, I would think that your system has been
compromised.
Thanks Olivier.
I am currently killing the process with the following bash
hi,
I am writing a script in which I want to decide if disk / system is capable
to set quotas for user / groups.
how to check it?
I am thinking about
1) checking enable_quotas=YES in /etc/rc.conf
2) should I try to look in /etc/fstab? There is userquota and / or
groupquota in line for some disk
Colin,
I suppose this calls for a bare-metal reinstall.
Is it worth first trying to determine how my system was broken into?
It really depends on:
- what is installed on that machine (how long it would take to
reinstall, how many softwares, ports, specially configured stuff).
- how
Hi,
1) checking enable_quotas=YES in /etc/rc.conf
2) should I try to look in /etc/fstab? There is userquota and / or
groupquota in line for some disk device in option field.
That is enough.
1) will tell you that the system is quota capable
2) will tell you what file system is quota capable
Never mind, cURL bug.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
hi Mark!
Im using FreeBSD 7.2-RELEASE... but im not sure about the userland, is
currently fresh installed, just compiled the KERNEL to add ext2fs support
and installed the patch for the 256-inode... nothing else... But I will take
your advice and upgrade my kernel to STABLE (as I think it will be
Jeronimo Calvo wrote:
hi Mark!
Im using FreeBSD 7.2-RELEASE... but im not sure about the userland,
is currently fresh installed, just compiled the KERNEL to add ext2fs
support and installed the patch for the 256-inode... nothing else...
But I will take your advice and upgrade my kernel to
I have as well this in the other hand: heheheh, THE BIBLE!
2009/8/25 Mark Stapper st...@mapper.nl
Jeronimo Calvo wrote:
hi Mark!
Im using FreeBSD 7.2-RELEASE... but im not sure about the userland,
is currently fresh installed, just compiled the
In response to Colin Brace c...@lim.nl:
Olivier Nicole wrote:
Am I correct in assuming that my system has been hacked and I am running
an
IRC server or something?
IRC client at least. And yes, I would think that your system has been
compromised.
Thanks Olivier.
I am
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
In reality, good security practice says that you should have IPFW (or some
other firewall) running and
Bill, one more thing:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
Mike Bristow above wrote: The script is talking to 94.102.51.57 on port
7000. OK, so
On Tue, Aug 25, 2009 at 06:16:49AM -0700, Colin Brace typed:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
In reality, good security practice
On Tue, Aug 25, 2009 at 06:30:17AM -0700, Colin Brace typed:
Bill, one more thing:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
Mike Bristow
--On Tuesday, August 25, 2009 07:26:04 -0500 Bill Moran
wmo...@potentialtech.com wrote:
I am currently killing the process with the following bash command while I
decide what to do next:
$ while x=1 ; do sudo killall -9 perl5.8.9 && echo killed... ; sleep 15; done
You can add an ipfw rule to
Ruben de Groot wrote:
Which is exactly what the rogue perl script was using to connect to its
home.
Once established this connection could have been used for almost
anything,
including downloading other malicious software or setting up a tunnel into
your LAN.
Well, the box (also)
--On Tuesday, August 25, 2009 04:41:33 -0500 Ruben de Groot mai...@bzerk.org
wrote:
On Tue, Aug 25, 2009 at 10:19:37AM +0100, Mike Bristow typed:
On Tue, Aug 25, 2009 at 01:00:53AM -0700, Colin Brace wrote:
Ok, here is what lsof tells me:
$ sudo lsof | grep perl
perl5.8.9 4272 www
Ruben de Groot wrote:
Try a find through the entire filesystem for files owned by this user that
you can't account for. Also check your cron and at files under /var/cron
and
/var/at
I found the cronjob which keeps restarting the script:
[r...@venus /var/cron/tabs]# ls -l
total 12
--On Tuesday, August 25, 2009 05:46:43 -0500 Colin Brace c...@lim.nl wrote:
Olivier Nicole wrote:
Am I correct in assuming that my system has been hacked and I am running
an
IRC server or something?
IRC client at least. And yes, I would think that your system has been
compromised.
I'm setting up a firewall using FreeBSD 7.2 and thought that it may
not be a bad idea to have a continuous backup for important files like
pf and dnsmasq configurations. By continuous I mean some script that
would be triggered every few minutes from cron to automatically create
a backup of
--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote:
Bill, one more thing:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
Mike
On Mon, Aug 24, 2009 at 10:26:11PM +0200, Polytropon wrote:
On Mon, 24 Aug 2009 12:29:19 -0600, Kelly Martin kellymar...@gmail.com
wrote:
My question: what kind of checks and/or repair tools should I run on
the damaged drive after it's mounted? Or should I mount it as
read-only and start
In response to Paul Schmehl pschmehl_li...@tx.rr.com:
--On Tuesday, August 25, 2009 07:26:04 -0500 Bill Moran
wmo...@potentialtech.com wrote:
I am currently killing the process with the following bash command while I
decide what to do next:
$ while x=1 ; do sudo killall -9 perl5.8.9
per...@pluto.rain.com writes:
Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote:
Kelly Martin kellymar...@gmail.com writes:
I just experienced a hard drive failure on one of my
FreeBSD 7.2 production servers with no backup!
...
First, try copying the entire disk, *without*
On Aug 23, 2009, at 1:47 PM, Yavuz Maşlak wrote:
Hello
I wish to use freebsd7.2 as an antivirus gateway.
is there any document about that?
Could you give an advice ?
snort_inline with if_bridge provides a bit of this functionality.
You drop all incoming off at a socket which you have
In response to Paul Schmehl pschmehl_li...@tx.rr.com:
--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl wrote:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and
On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com wrote:
In response to Paul Schmehl pschmehl_li...@tx.rr.com:
--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl
wrote:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com wrote:
In response to Paul Schmehl pschmehl_li...@tx.rr.com:
--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace c...@lim.nl
wrote:
Bill Moran wrote:
hello i am on freebsd 6, i am trying to connect to internet using my
nokia phone. so far i got paired it with my pc and able to dialup to
my isp, problem is i get connected for sometime and gets disconnected.
i cant browse, only one dsn server gets assigned in resolv.conf,
infact there must be
On Tue, 25 Aug 2009 11:04:38 -0400, Jerry McAllister jerr...@msu.edu wrote:
dd will barf on bad bits too.
You can tinker to make it skip over the bad block, but it
won't read it.
As it has been suggested, there are interesting tools in the
ports collection. I'll post my famous list again.
Hi Daemons,
I have some troubles to get connected to an open Wifi-Net.
Its an older IBM Stinkpad 600 and I bought a new PCMCIA-card for it.
Chipset of the card is from Atheros, this is recommended by the FreeBSD
Handbook.
I boot the Laptop, the drivers seem to be compiled in the generic
Kernel.
On Tue, 25 Aug 2009 13:33:59 +0200, Mark Stapper st...@mapper.nl wrote:
Don't forget to reapply the ext2 patch... ;-)
And of course keep in mind that kernel and world (userland) have
to be of the same version, e. g. if you upgrade your sources to
7-STABLE, recompile kernel and world and install
Colin Brace wrote:
Ruben de Groot wrote:
Try a find through the entire filesystem for files owned by this user that
you can't account for. Also check your cron and at files under /var/cron
and
/var/at
I found the cronjob which keeps restarting the script:
[r...@venus
On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.com wrote:
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com
wrote:
In response to Paul Schmehl pschmehl_li...@tx.rr.com:
--On Tuesday,
Monday, 24 August 2009 at 5:45:20 -0700, Jeff Hamann said:
thanks.
i've looked at both an acer and lenovo models and like the lenovo
model better.
I like my s10e too - but remember I don't have native wireless, I'm using ndis.
There are also some acpi glitches which the currently
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.com wrote:
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009 at 11:05 AM, Bill Moran wmo...@potentialtech.com
wrote:
In response to
On Tue, Aug 25, 2009 at 2:43 PM, Bill Moran wmo...@potentialtech.com wrote:
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009 at 12:06 PM, Bill Moran wmo...@potentialtech.com
wrote:
In response to Adam Vande More amvandem...@gmail.com:
On Tue, Aug 25, 2009
CyberLeo Kitsana wrote:
Are these files available in a tarball someplace public, for those of us
who enjoy performing autopsies on virii?
Sure thing: http://silenceisdefeat.com/~cbrace/www_badstuff.gz
this tarball contains tmpfile which is the misbehaving script as well as
the contents of
Adam Vande More wrote:
[ huge, huge snip ]
You said block by destination port. What you presented is not this,
although it gives a functional environment of it. Sorry for the
pedantic pursuit here, but IMO terminology is important here.
I've read this thread on a 'best-effort' basis
Hello List,
I enabled a few WITHOUT_ options in src.conf. However, the
binaries for that still exist after an installworld. Is there an
automatic way to clean up the base install?
For example, I did a minimal install of 8.0-BETA2, csup'ed down
-CURRENT and set WITHOUT_RCMDS in src.conf .
Colin,
Be aware that what you listed below is what additional scripts the
hacker installed on your server after he broke in.
This does not tell you how the hacker broke in. So your server is
still subject to compromission.
Bests,
olivier
Try a find through the entire filesystem for files
I enabled a few WITHOUT_ options in src.conf. However, the
binaries for that still exist after an installworld. Is there an
automatic way to clean up the base install?
Yes and no. These files are supposed to be removed by running:
make delete-old
make delete-old-libs
(see /usr/src/UPDATING).
is there a way of setty'ing stty erase to [backspace key?
pretty sure that is the delete key. i'm tired of having to hand
set it every time when i use the Konsole term.
thanks,
gary
--
Gary Kline kl...@thought.org http://www.thought.org Public
If you use sh or bash, you can add to .profile or .bash_profile:
stty erase ^h
That should do it. Type the caret (^) and (h).
On Aug 25, 2009, at 6:30 PM, Gary Kline wrote:
is there a way of setty'ing stty erase to [backspace key?
pretty sure that is the delete key. i'm
I'm planning to build a lab of perhaps 15 freebsd machines.
Not only do I want to be a good sysadmin and only download what I need,
but another issue is that these machines will live on a network that
will not have a reliable connection to the internet.
Therefore I want to build a mirror of
Hi all,
Not sure if this is the correct forum. If so, kindly point to appropriate
mailing list.
Connecting from nxclient on freeBSD to nxserver on RHEL fails with
following errors:
Info: Proxy running in client mode with pid '1330'.
Session: Starting session at 'Tue Aug 25 20:42:56 2009'.
First, thanks to everyone for the really great replies. Many
suggestions were quite helpful and have kept me on track. I'll quote a
couple of people and then add some comments below.
On Mon, Aug 24, 2009 at 4:32 PM, Roland Smith rsm...@xs4all.nl wrote:
It _could_ just be a bad or improperly
55 matches