On Fri, May 15, 2009 at 6:57 AM, Joe Pruett <[email protected]> wrote:
> > I did find a file in /var/log that was partly to blame, I also removed > some > > un-needed packages. However I'm still trying to figure out where this > space > > went. Tim mentioned the mount issue which might be a clue, I had a > > mountpoint of /backups pointing to an external USB device which was > having > > issues (turned out to be an issue with the filesystem, I changed from > reiser > > to ext3 and the problem went away) ... so the question I have, my > > understanding is that if /backups was having issues the parent partition > > which is / which is a completely different device, it is possible that > junk > > was getting written to / because of the issue with /backups ? If that is > > indeed the case, I'm wondering where I can find that garbage data which > is > > sucking up space. I have gone through each of the dir's mounted under / > and > > they don't add up to the amount showing up in df ... I have all my > configs > > and required packages that I built from source available to me so > starting > > over wouldn't take very long. I'm just wondering if there is a way to > figure > > this out before going to that extreme. > > > > Would the fact that the partition was created with 1k blocks instead of > 4k > > blocks? > > if /backups wasn't really mounted for a while and data was written to > /backups (on /), then you remounted /backups you would see this issue. > umount /backups and then see if there is data in /backups (on /). also, > rather than adding things together you can use the -x switch to du to tell > it not to cross mountpoints. so du -sx / will show the space used on / > without crossing into /home, /backups, etc. > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > Thanks Joe, What was happening with /backups using reiserfs was that during the backup job which is just a simple tar/gz operation every few days the filesystem would go into read-only mode. So there are just a few $dir.tar.gz's on /backups. I haven't found anything in / that should be on /backups when /backups is unmounted. I am seriously considering going forward with a fresh install even though this install is just over a month old, maybe 2 months old. I keep adding knowledge and it helps the install get better each time. My biggest fear of course is some sort of compromise and there was a perl script attempting to run but I viewed it's source and it didn't appear to be threatening in any way, I removed it as I don't recall installing it to begin t ith (it was a script to capture and log failed logins). That said, I secured the system the same way I have previously and hadn't experienced an exploit when secured in the way that I am, although this is a multi-user machine with various bits of web accessible software installed i.e Wordpress, PHP Gallery and MediaWiki (one user did get hit with wiki spam and his DB grew to some 8GB in size at one point before I caught it and stopped the issue. Pardon my rambling, just thinking outloud. Cheers, Drew- _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
