[asterisk-users] error in GUI access
I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it When using GUI to access, I got this error *** glibc detected *** /usr/sbin/asterisk: double free or corruption (!prev): 0x0919c070 *** The server cannot be connected via GUI and the asterisk CLI dropped and exit into linux command line. Appreciate if help can be provided CK -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] error in GUI access
On Friday 01 Jul 2011, asterisk asterisk wrote: I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it When using GUI to access, I got this error *** glibc detected *** /usr/sbin/asterisk: double free or corruption (!prev): 0x0919c070 *** The server cannot be connected via GUI and the asterisk CLI dropped and exit into linux command line. Ooo-er. Last time I got an error like this, it turned out that the box had been compromised with a rootkit. Luckily, most rootkits give themselves away in trying to make themselves hard to detect / remove: first they replace some system utilities (which, on Debian, also breaks colour directory listings) with specially munged ones (for instance, an ls command that will deliberately not show any of the rootkit's own extra files; a ps that will not show the extra processes; a netstat that will not show the rootkit's network connections; and so forth) and then they set the extended attributes on the new files to prevent them from being overwritten. So checking extended attributes can give you a clue that all is not well. Try # lsattr /bin # lsattr /usr/bin # lsattr /sbin # lsattr /usr/sbin All files should have a row of - signs in the left hand column. Any a or i in a file's attributes indicates that the file has had its extended attributes modified, and you should be suspicious. Note: ignore any errors such as lsattr: Operation not supported While reading flags on /bin/nc (this just means the file is a symbolic link, and these don't have extended attributes). -- AJS Answers come *after* questions. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] error in GUI access
Hi, I did not find any file with a or i with your suggested commands. Any other clues? CK On Fri, Jul 1, 2011 at 6:23 PM, A J Stiles asterisk_l...@earthshod.co.ukwrote: On Friday 01 Jul 2011, asterisk asterisk wrote: I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it When using GUI to access, I got this error *** glibc detected *** /usr/sbin/asterisk: double free or corruption (!prev): 0x0919c070 *** The server cannot be connected via GUI and the asterisk CLI dropped and exit into linux command line. Ooo-er. Last time I got an error like this, it turned out that the box had been compromised with a rootkit. Luckily, most rootkits give themselves away in trying to make themselves hard to detect / remove: first they replace some system utilities (which, on Debian, also breaks colour directory listings) with specially munged ones (for instance, an ls command that will deliberately not show any of the rootkit's own extra files; a ps that will not show the extra processes; a netstat that will not show the rootkit's network connections; and so forth) and then they set the extended attributes on the new files to prevent them from being overwritten. So checking extended attributes can give you a clue that all is not well. Try # lsattr /bin # lsattr /usr/bin # lsattr /sbin # lsattr /usr/sbin All files should have a row of - signs in the left hand column. Any a or i in a file's attributes indicates that the file has had its extended attributes modified, and you should be suspicious. Note: ignore any errors such as lsattr: Operation not supported While reading flags on /bin/nc (this just means the file is a symbolic link, and these don't have extended attributes). -- AJS Answers come *after* questions. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
