Hello Forum,

I hope this is the right forum for this question??

In what may have been a malicious attack over the NFS lan one of our file servers was brought down yesterday. When I got the server started,I found the /tmp directory was full of crud packed into three huge files, created within moments of each other, which had effectively filled the /partition. After cleaning out the rubbish, a number of services cannot start any more and it seems the OS may have been damaged as well.

Rather than spend a lot of time messing around trying to find and then repair the damage, I propose to reinstall the OS to the / partition (leaving the home partitions with all the users' files in place).

To save some time getting the new OS configured, I'd like to backup and later restore the key user files for logging in and the /etc/export file. My problem is I'm not sure which files I need to backup to restore the user logins later. I want them, of course, to reconcile with the existing user folders in the /home partition.

Could someone tell me which files I have to backup. For what its worth, the server runs CentOS3.
Thanks

First of all, have your tried and fsck on the root partition? This may resolve all of your issues. Second, when you rebuild the OS, I would put /tmp on it's own partition, any user can basically DoS you if you don't have quotas enabled and tmp isn't on it's own partition. Third, the files you'll need include (this is not an exhaustive list, I'd wait while people chime in):

To Preserve your users and permission associations:

/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
/etc/sudoers (if you have any sudoers enabled)
smbpasswd (wherever you keep that, if you are using samba shares)

These files only address rebuilding the system and having the users available again without having to enter in passwords again etc, I'm not sure what services you're running but you'll want to backup those configuration files as well. ***CAUTION*** When you have the system rebuilt, don't just copy and paste these files in place, use the commands vipw (to add users) and vigr (to add their groups) to add the necessary users/groups without replacing system accounts. Although a new system install should mirror system accounts, I'm not completely certain of that, and if you were to just copy the files into place you might break something that you don't want to.

HTH.
Mike.

Mike,
Thanks for this answer. I'd never thought of putting /tmp into a separate partition. Sounds like a good idea that could have spared us a big problem. I dont know these other commands yet so I'll go look them up.
Many thanks

No problem, the other commands I mention are just the vi editor, but they lock the passwd and group files while your editing them to ensure that nobody else can make changes to the files. I forgot one other command for restoring the sudoers file: visudo, same concept as the others.

Good Luck!