LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 07-03-2005, 04:24 AM   #1
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Rep: Reputation: 15
Bus error


I'm currently having trouble running any commands on my server.

When I ssh in, running top or ps gives me "Bus error", and running df gives me a seg fault.

This has only started happening recently.

Ideally I'd like to solve this without a reboot, by the way.

Edit:
Uh oh - I found this in /root:
http://www.bratch.co.uk/coven/sslmass2.gz

(That's the server domain by the way)

I also couldn't copy that file using cp, had to use an upload script. cp seg faults.

Also it is running kernel 2.4.26 and apache Apache 1.3.31 with OpenSSL 0.9.7d.

Last edited by bratch; 07-03-2005 at 04:36 AM.
 
Old 07-04-2005, 02:23 PM   #2
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
Look like a real deep and bad library problem. Have you tried updating (you are running Gentoo right?) your system.
When did this problem started, was it after an update?

Btw, according to versions you gave us, your system is out-dated, have you considered you might have been rooted?
 
Old 07-04-2005, 03:27 PM   #3
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
I didn't do anything to cause it, but the appearance of the file in /root suggests that it was an intruder that caused it, not me.

It's running Slackware 10.0, and yes it was outdated - I think this may be why it has happened, ie. an unpatched security flaw.
 
Old 07-04-2005, 04:00 PM   #4
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
errrrk you probably been rooted (read : hacked) then.
Your SSL version was (is) pretty out-dated the attacker maybe exploited this to get in.

Ok, so the first thing to do is to turn off the network connection now. Your computer is probably already used as a spam send plateform/warez website/DDOS zombie.
Second, go get some live-cd distro ( I recommend knoppix but anything will do it) and boot from it then mount your slackware partition. You might want to search for evidences ( any "proof" someone breaked in) but don't take there is no problem if you don't find any. In _ANY_ case my guess would be backup/format/reinstall/update . I don't think you want to become the spam king or to be used to flood ebay, so if you are any suspicious that you have been hacked, you better reinstall and fix up the new system.
 
Old 07-04-2005, 04:07 PM   #5
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
Looks like this is the perfect oppertunity to migrate my final machine (that server) to Gentoo.

Thanks for advice - I thought this'd be the case but wanted a second oppinion.

Far easier to keep up to date with Gentoo too, so hopefully won't be caught out by not patching ot the future.
 
Old 07-04-2005, 04:53 PM   #6
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
yup, I switched from Slackware to Gentoo because it was way easier to update Gentoo... Still, the KISS ( Keep It Simple Stupid) philosophy of Slackware seize me, some Gentoo "advanced" feature are just bugging me (example: why does my hostname has to be setted in /etc/conf.d/hostname now, considering all *nix flavors put it in /etc/hostname since twenty years at least??).
 
Old 07-04-2005, 04:56 PM   #7
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
I've just noticed that myself about Gentoo - I took a bit of a gamble and deleted /etc/domainname after filling in the new one... It wasn't clear if you're meant to though.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bus error? doodykimo Linux - Newbie 2 03-30-2005 05:33 AM
mozilla 1.4.1-18 - Bus Error drumak Linux - Software 1 01-01-2004 11:55 AM
Bus Error? Chu Linux - Newbie 4 12-21-2003 11:42 PM
Bus error linuxanswer Programming 2 11-10-2003 03:38 AM
Bus error anamika123 Linux - General 2 08-01-2002 05:52 PM


All times are GMT -5. The time now is 03:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration