LinuxQuestions.org
Old 10-06-2006, 03:41 AM   #1
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Rep: Reputation: 62
stat.d run as root...should be chowned


Hi all,

Trying to set up NFS on a PC in Slackware 11.0 and I get the error message below. I've been googling and reading manuals, but most stat.d stuff that I see is really old.

here is /var/log/messages:
Quote:
rpc.statd[2682]: statd running as root. chown /var/lib/nfs/sm to choose different user
I thought that lock.d locked this? Does this need to be done? If so, is it to be chowned over to a normal user? And will it stay that way, or do I need to do that on boot every time?

/etc/hosts.deny is as follows:
portmap: ALL
lockd: ALL
mountd: ALL
rquotad: ALL
statd: ALL
# End of hosts.deny.

Thank you in advance.

The computer is to only have NFS and that's it: no Samba, no FTP, no mail servers. Just a regular home PC in a non-Windows environment.
 
Old 10-10-2006, 08:32 AM   #2
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
ever so gentle 'bump'
 
Old 10-18-2006, 10:51 AM   #3
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
ever so gentle 'bump' # 2
 
Old 10-19-2006, 07:04 AM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414
I see the same thing on my NFS server, but I'm in the same boat as you.... I have no idea if this is a security issue or not. Maybe we ask the nice mods to move this one to the Slackware forum as it seems to be a change introduced with 11.
 
Old 10-19-2006, 01:31 PM   #5
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
Hi Hangdog,

Thank you for giving me feedback.

I just had a real bad stroke of luck and I think it's due to this.

I was running rkhunter today on my pc and it found parts of the TOrn rootkit on me. I went thru all my logs on that pc and on my network scanner, and nothing bad happened (thank god).

I've been doing some research on this rootkit, and it is known according to 'cert' to take action on the rc.statd daemon!

It was able to open up a listening port of 47107 as it usually does, but was not able to do much else. The exploit happened in the last 24 hrs since the last cron. I verified the port was open with netstat -l ..no apps were listed as using it tho. The rootkit wasn't able to create the /usr/src/.puta

So now the entire pc is being DOD wiped. All linux boxen are now not allowed to see internet or each other...back to windows until I get this figured out.
 
Old 10-19-2006, 02:21 PM   #6
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414
Sorry to hear that, it sounds ugly. Was the nfs server actually exposed to the internet? My understanding was that nfs wasn't really robust enough to allow access outside of a LAN. I haven't been too worried about mine since I've got it behind a router and a firewall but maybe I should be.
 
Old 10-20-2006, 11:52 AM   #7
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
Hi Hangdog,

The PC was only doing NFS, CUPS and Samba for other PCs on the LAN, and I had a really strict hosts.allow and hosts.deny and I had the TCP wrappers on. And the logs I have for the LAN do not show any out of 'whack' connections, or massive traffic in / out over the days leading up to the event.

I think when I finally get the PC wiped and reloaded, I'm going to follow a tutorial I found that lets you do NFS over SSL for the LAN PCs just to play it safe, not sure if CUPS and Samba can be done that way tho. Tho I would suspect LAN traffic would be slow.

But I'm really hoping that others would advise if the rc.statd should be chowned to a different user and if so who?
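
An added example, not part of any post in this thread: in nfs-utils, rpc.statd started as root switches to the UID that owns its state directory and logs the warning quoted in post #1 only when that owner is root, so the directory's ownership is what to check. The script below checks that owner and also reports which of the daemons from the posted hosts.deny lack a deny rule; the function names are hypothetical and the hosts.deny sample is constructed.

```shell
#!/bin/sh
# Added example: audit checks for the NFS setup discussed in this thread.
# Paths are the ones quoted in the posts; function names are hypothetical.

# Print the numeric UID owning the statd state directory. rpc.statd started
# as root switches to this UID and logs the warning only when it is 0.
# Returns 0 if the owner is unprivileged, 1 if root, 2 if the dir is missing.
statd_owner_uid() {
    dir=${1:-/var/lib/nfs/sm}
    [ -d "$dir" ] || return 2
    uid=$(ls -ldn "$dir" | awk '{print $3}')
    echo "$uid"
    [ "$uid" -ne 0 ]
}

# List the NFS-related daemons that have no "<daemon>: ALL" line in a
# hosts.deny-style file. Assumes one daemon per line, as in the post;
# comma-separated daemon lists are not parsed. Commented lines do not count.
missing_deny() {
    file=$1
    for d in portmap lockd mountd rquotad statd; do
        grep -Eq "^[[:space:]]*${d}[[:space:]]*:[[:space:]]*ALL[[:space:]]*$" "$file" \
            || printf '%s\n' "$d"
    done
}

# Check the real state directory if it exists on this machine.
uid=$(statd_owner_uid) \
    && echo "rpc.statd will drop to uid $uid" \
    || echo "state dir is owned by root or missing: statd keeps root"

# Constructed sample: the posted hosts.deny with the statd line left out.
sample=$(mktemp)
printf '%s\n' 'portmap: ALL' 'lockd: ALL' 'mountd: ALL' 'rquotad: ALL' \
    '# End of hosts.deny.' > "$sample"
echo "no deny rule for: $(missing_deny "$sample")"
rm -f "$sample"
```

Ownership of a directory persists across reboots unless a boot script resets it, so the first check can simply be rerun after a restart.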
 
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration