On Friday 01 Jul 2011, asterisk asterisk wrote: > I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it > > When using GUI to access, I got this error > > *** glibc detected *** /usr/sbin/asterisk: double free or corruption > (!prev): 0x0919c070 *** > > The server cannot be connected via GUI and the asterisk CLI dropped and > exit into linux command line.
Ooo-er. Last time I got an error like this, it turned out that the box had been compromised with a rootkit. Luckily, most rootkits give themselves away in trying to make themselves hard to detect / remove: first they replace some system utilities (which, on Debian, also breaks colour directory listings) with specially munged ones (for instance, an ls command that will deliberately not show any of the rootkit's own extra files; a ps that will not show the extra processes; a netstat that will not show the rootkit's network connections; and so forth) and then they set the extended attributes on the new files to prevent them from being overwritten. So checking extended attributes can give you a clue that all is not well. Try # lsattr /bin # lsattr /usr/bin # lsattr /sbin # lsattr /usr/sbin All files should have a row of - signs in the left hand column. Any "a" or "i" in a file's attributes indicates that the file has had its extended attributes modified, and you should be suspicious. Note: ignore any errors such as "lsattr: Operation not supported While reading flags on /bin/nc" (this just means the file is a symbolic link, and these don't have extended attributes). -- AJS Answers come *after* questions. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users