Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm a newbie on Linux. We are using Red Hat Linux 9. When we type the command "shutdown -h now" a message appears
Broadcast message from root (tty1) July 6, 2005
The system is going down for system halt NOW! /dev/null
RK_Init: id=0xc036f000, sct[]=0xc030a0f0, FUCK: Can't find kmalloc()!
It then back to the command prompt. If we tpye again the shutdown command the same message appears.
I look on the site you mention, and found a similar messages that had been displaying in our system. What can we do...can you have some idea how to fix this.
Thanks...
If your system has been compromised, back up user data (NOT programs/libraries -- be very sure about this, i.e. inspect your back-ups for suspicious files), reformat, and reinstall from scratch. Unfortunately, this is the only way to safely deal with a compromised system. Meanwhile, if you have a compromised box, pull it off the network immediately. (i.e. disconnect the network cable) since it is a danger to you and to others.
You probably ought to upgrade to something more recent than RH9. If you're running an unpatched RH9 with lots of services available to the Internet ... well, it's not necessarily surprising that you got cracked.
If you simply want to repair the system and move on get a knoppix CD ( http://www.knoppix.org ) so you can mount your hard drives and copy any relevant data. After that delete the disk and reinstall the system.
If you want to save yourself some trouble copy the server configs. And I would suggest getting an updated version from redhat like the fedora core 4 from http://fedora.redhat.com/download/mirrors.html
Warning: This prevents any diagnostic of the way how the machine was compromised. This usually help you learn how to prevent this in the future. It's up to you and how time critical it is to get things up again.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.