I don't know much about the kernel..
but most of the time I encountered a kernel panic,
using either interactive boot (by pressing I)/fail safe mode/cdrom rescue mode
worked out.
When you are prompted with fsck ***
just say yes
or
fsck -y /dev/hda
gl
Dude, maybe you got hacked. Why don't you boot using the boot disk which I'm SURE you created when you first installed your Linux box?? (yeah, right...)
What distro are you running? Try searching the forums here or try performing a search on Google. But hopefully you did create a boot disk, as this is going to help you get your system restored. If not, most Linux distros allow you to boot and rescue from the CD. And most likely this isn't a cause of a hack, it's likely but can happen without a hack as well.
Also you could try passing this at boot:
linux init=/bin/bash
and double check your system, like /etc/fstab and possibly /etc/inittab are there with no goofups.
Yes, I have a rescue disk. I am using Red Hat Linux 7.1.
I'm pretty sure I got hacked. I am also pretty sure I know who did it. I'll deal with that later.
Anyway, booting from my floppy produces the same results as above. Even if I type linux rescue from the boot: prompt.
I tried booting from the cd. I typed linux rescue from the boot: prompt.
Here are the last 4 lines of the message text:
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
VFS: cannot open root device "" or 08:41
Please append a correct root=" boot option
Kernel Panic: VFS: unable to mount root fs on 08:41
I also tried typing linux init=/bin/bash at the boot: prompt with no change in the results.
The redhat docs say that if the /initrd/ directory is missing it will cause a kernel panic message. Yet I have no way of checking this at the moment.
Can you pull the physical hd and insert it in a bootable Linux machine as a secondary hard drive, then run an e2fsck on the root partition???
By the way, with an EXT2 partition, you didn't necessarily get hacked; if you got a brownout, it may have fried your data and nerfed the filesystem. It even happens (rarely) in journalized file systems. I recommend that when you get your file system up, you switch to either EXT3 or reiserfs for your boot partition. I hope that you also back up your user data (including the user accounts in which your web hosting is occurring). You should be keeping those partitions separate, and be backing them up regularly.
The nice thing is that with a reiserfs, you can boot on another media then run a reiserfsck --check --rebuild-tree /dev/[device] on the partition (usually a couple of times does the trick). It then rebuilds the file tree for you, based upon the journal.
You can also patch your kernel better by the use of good partitioning, updating newer security features while not losing data and reducing downtime on your server.
Where does your / partition reside at, /dev/hda1, /dev/hda3..etc ?? Have you tried booting passing that at boot time like the init=/bin/bash ?? something like: root=/dev/hda1
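An added example (not part of any post in this thread): decoding the `08:41` from the panic message quoted above into a device name, so it can be compared with the partition that actually holds /. It assumes the kernel prints the root device as hexadecimal major:minor, as 2.4-series kernels do, and uses the block-device numbers from the kernel's devices.txt; the function names are hypothetical.

```python
import re

# Block-device majors from the kernel's Documentation/devices.txt.
# IDE: each major carries two drives, 64 minors per drive.
IDE_MAJORS = {3: "ab", 22: "cd", 33: "ef", 34: "gh"}
# SCSI disks: major 8, 16 minors per disk (sda..sdp).
SCSI_MAJOR = 8

# Two hex digits, a colon, two hex digits, e.g. "08:41".
DEV_RE = re.compile(r"\b([0-9a-fA-F]{2}):([0-9a-fA-F]{2})\b")


def parse_root_dev(line):
    """Return (major, minor) from a 'VFS: ... MM:mm' line, or None."""
    m = DEV_RE.search(line)
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)


def device_name(major, minor):
    """Map a block major/minor to its conventional /dev name, or None."""
    if major in IDE_MAJORS:
        drive, part = divmod(minor, 64)
        if drive >= len(IDE_MAJORS[major]):
            return None
        name = "hd" + IDE_MAJORS[major][drive]
    elif major == SCSI_MAJOR:
        drive, part = divmod(minor, 16)
        name = "sd" + chr(ord("a") + drive)
    else:
        return None  # not an IDE or SCSI disk major
    # Partition 0 means the whole disk, so no number is appended.
    return "/dev/" + name + (str(part) if part else "")


if __name__ == "__main__":
    # The two lines below are copied from the panic text in the thread.
    for line in ('VFS: cannot open root device "" or 08:41',
                 "Kernel Panic: VFS: unable to mount root fs on 08:41"):
        major, minor = parse_root_dev(line)
        print(line, "->", major, minor, device_name(major, minor))
```

For the message in this thread the result is major 8, minor 65, which is /dev/sde1, a SCSI disk partition rather than an IDE one such as /dev/hda1.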
I recently thought I was the victim of a hack as well. What it was, was a fairly reproducible problem in which I was deleting the cache for konqueror manually, and a version of konqueror still had that object open. The end result was a ghosted file that could not be erased because it really did not exist. If it was a file that the system wanted to re-create each time, it would lead to problems. Each time I tried to run konqueror, it caused a kernel panic. Mozilla worked fine, so I knew it was no problem with the set-up in general. What it was was the cache entries for my home-page, as stored in the kio_http cache, not permitting new files of the same name to be created. It caused the kernel panic and the result was a mess that took a re-install and data shuffling to fix (I didn't know how to use reiserfsck properly at the time).
If the particular file is critical to something the program using it is doing, it can cause a kernel panic. The machine will reboot and you will be left with the same problem again. Doing a tree reconstruct with the appropriate fsck for the file system you are using will likely solve the problem. It will remove the ghosted entry and allow the program or daemon or whatever to re-create the file it was trying to create in the first place. Result,... no kernel panic.
You need to do a complete fsck on the root disk somehow. What is likely your problem is that something is being prevented from being able to write to a particular file and it causes the kernel to go nuts. I find it unlikely that it is a hack attack, although you are using a particularly old installation of Red Hat, and if you haven't done security updates, you MAY have been attacked.
What are you running off of that web server that makes you think you were attacked???
Anyway,...
Mount that file system through some other means (another bootable drive). Then run the fsck appropriate to that file system on it (efsck??), with the right parameters to reconstruct the file system tree. The man pages can show you the correct syntax (i.e. type: man fsck at a console prompt). For the future, make sure you back up critical configuration files to another source once you get it up and running, in case the only solution is a clean re-install.
Here is where I'm at.
I tried the drive as a slave drive in my other linux box. I couldn't access it. I couldn't even get it to mount in linux. The computer and bios said there was a drive there, but that was as far as I got.
I tried a couple of linux rescue disks - same results as with the cd and boot disk.
Think it's time to throw in the towel and start over?
Why do I think I was hacked? I didn't have anything on my site that was worth hacking. For that matter, it was only one page that wasn't even finished. We've been having difficulties with a neighboring business, a bunch that would probably not have too much difficulty hacking a system. I'll leave it at that.
While doing all of this I downloaded Mandrake Linux 8.2 and redid my fileserver (with EXT3 partitions) - which also was running Red Hat 7.1. You know, I kind of like Mandrake. Anyway, I am still trying to download the rest of RH 7.3. But I'm getting throughput on my DSL line of about 9-12 cps. Needless to say it is taking forever.