I'm a newbie on Linux. We are using Red Hat Linux 9. When we type the command "shutdown -h now" a message appears

Broadcast message from root (tty1) July 6, 2005
The system is going down for system halt NOW! /dev/null
RK_Init: id=0xc036f000, sct[]=0xc030a0f0, FUCK: Can't find kmalloc()!

It then back to the command prompt. If we tpye again the shutdown command the same message appears.

Need help....

Ok, that is a bit weird. You should update the kernel or something like that and get some ACPI support to be able to powerdown completelty.

Have you been playing with the scripts or have you some extreme RBAC settings. The kernel not being able to call kmalloc is ... bizarre.

I was looking around for your weird problem and found out there is a high probability that you have been hacked.

http://redhat.irlp.net/hack_report.html

Kind of sound like your problem.

Get this to check to see if you got rootkits installed

http://www.chkrootkit.org/

I look on the site you mention, and found a similar messages that had been displaying in our system. What can we do...can you have some idea how to fix this.
Thanks...

If your system has been compromised, back up user data (NOT programs/libraries -- be very sure about this, i.e. inspect your back-ups for suspicious files), reformat, and reinstall from scratch. Unfortunately, this is the only way to safely deal with a compromised system. Meanwhile, if you have a compromised box, pull it off the network immediately. (i.e. disconnect the network cable) since it is a danger to you and to others.

You probably ought to upgrade to something more recent than RH9. If you're running an unpatched RH9 with lots of services available to the Internet ... well, it's not necessarily surprising that you got cracked.

If you simply want to repair the system and move on get a knoppix CD ( http://www.knoppix.org ) so you can mount your hard drives and copy any relevant data. After that delete the disk and reinstall the system.

If you want to save yourself some trouble copy the server configs. And I would suggest getting an updated version from redhat like the fedora core 4 from http://fedora.redhat.com/download/mirrors.html

Warning: This prevents any diagnostic of the way how the machine was compromised. This usually help you learn how to prevent this in the future. It's up to you and how time critical it is to get things up again.

For clearing your drive, I recommend DBAN: http://dban.sourceforge.net
This will get rid of everything.