Re: [Users] no such file or directory

2008-12-04 Thread Papp Tamás

Dariush Pietrzak wrote:

>> $ strace -ff /vz/100/root/bin/ls
>
> You're trying to run a binary from inside the VE in HN's context? It's
> dangerous.
> And it probably doesn't work because ls is linked to something in VE that
> doesn't exist on HN (try ldd /bin/ls or ldd /vz/100/root/bin/ls) (which
> would be surprising, because ls is a small program and shouldn't depend on
> anything exotic).

I've just done it for debugging purposes.

The point is, it's not working.

/bin/ls is hardlinked, it should not depend on anything.

Thank you,

tamas
___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users


Re: [Users] no such file or directory

2008-12-04 Thread Papp Tamás

Pongracz Istvan wrote:

> probably the correct way is:
>
> vzctl exec 100 'strace -ff /bin/ls'
>
> If the strace exists in the container, it must work.

Why should I want to run it like this?

I know, it's not working in the container and I want to see it outside.

Thanks,

tamas


Re: [Users] no such file or directory

2008-12-04 Thread Vasily Averin
Pongracz Istvan wrote:
> On Thursday, 2008-12-04 at 12:01, Alexander Prinsier wrote:
>> Papp Tamás wrote:
>>> Dariush Pietrzak wrote:
>>>>> $ strace -ff /vz/100/root/bin/ls
>>>>
>>>> You're trying to run a binary from inside the VE in HN's context? It's
>>>> dangerous.
>>>> And it probably doesn't work because ls is linked to something in VE
>>>> that doesn't exist on HN (try ldd /bin/ls or ldd /vz/100/root/bin/ls)
>>>> (which would be surprising, because ls is a small program and shouldn't
>>>> depend on anything exotic).
>>>
>>> /bin/ls is hardlinked, it should not depend on anything.
>>
>> You probably mean statically linked. /bin/ls usually is dynamically
>> linked. At least in any standard distro... Statically linked executables
>> aren't very common.
>>
>> Anyway, please post the output of ldd /bin/ls and ldd
>> /vz/100/root/bin/ls to help us help you.
>
> probably the correct way is:
>
> vzctl exec 100 'strace -ff /bin/ls'
>
> If the strace exists in the container, it must work.

btw
you can mount container by 'vzctl mount 100' command,
then you can make chroot /vz/root/100
and then start strace

thank you,
Vasily Averin


Re: [Users] no such file or directory

2008-12-04 Thread Papp Tamas

Vasily Averin wrote:

> btw
> you can mount container by 'vzctl mount 100' command,
> then you can make chroot /vz/root/100
> and then start strace

Is it a big mistake to chroot only to /vz/private/100 without vzctl mount?

tamas


Re: [Users] no such file or directory

2008-12-04 Thread Scott Dowdle
Papp,

I don't think you have stated what distro you are running in the problem 
container.  Most package managers offered by distros have a way to verify the 
checksums of packages installed by the package manager.  So enter the container 
and do that.  The modified files should stick out like a sore thumb.  While it 
is possible for crackers to alter package manager binaries as well... it is 
considerably more work to modify the package databases that go along with 
them... and I haven't seen that happen out in the wild... so it is less likely.

If your package manager says a number of binaries have been altered (rather 
than, say, corrupted as the result of disk/filesystem failures)... make a 
list of the altered binaries and run the strings command on one or more of 
them.  Usually altered binaries will have some text within them that makes it 
obvious they are cracker tools.

If you come to the conclusion your container has been compromised almost 
everyone will tell you to scrap it and make a new container and migrate data.  
Some of the adventurous will actually try and fix the compromise by 
re-installing the packages that have compromised binaries.  Of course you also 
should find the cause of the compromise and fix it if at all possible.  Some 
causes are guessed/broken passwords without any real software vulnerability 
being involved.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
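
An added example, not part of Scott Dowdle's message or of the thread: the verify-then-strings triage he describes, run from the hardware node so that no container binary is executed. It assumes an RPM-based container mounted at a path such as /vz/root/100; the function names and the sample `rpm -Va` output are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the container is RPM-based and its root is mounted on the node.

# Reduce `rpm -Va` output (stdin) to non-config files whose content digest
# differs from the package database. Assumes paths contain no whitespace.
altered_files() {
    awk '
        $1 == "missing"         { next }   # absent file: a separate finding
        substr($1, 3, 1) != "5" { next }   # 3rd flag "5" = digest mismatch
        NF > 2 && $2 ~ /^[cdglr]$/ {       # optional file-attribute marker
            if ($2 == "c") next            # config files are edited legitimately
            print $3; next
        }
        { print $2 }
    '
}

# Constructed `rpm -Va` output, used when no container root is given.
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.......T.    /usr/bin/top
missing     /usr/bin/wget
SM5....T.    /usr/bin/ps
EOF
}

# Show the first printable strings of each listed file; files are only read.
preview_strings() {   # $1 = container root, paths on stdin
    while read -r path; do
        printf '== %s\n' "$path"
        strings -n 8 "$1$path" | head -n 20
    done
}

if [ "$#" -eq 1 ]; then
    # The node's own rpm binary reads the container's package database.
    rpm -Va --root "$1" | altered_files | preview_strings "$1"
else
    sample_verify_output | altered_files
fi
```

Run with the mounted container root as the only argument to triage a real container; with no argument it filters the constructed sample.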