[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Forcing RW on boot

Subject: [ale] Forcing RW on boot
From: cfowler at outpostsentinel.com (Chris Fowler)
Date: Tue, 30 Mar 2010 22:37:51 -0400
In-reply-to: <[email protected]>
References: <1269968234.21416.42.camel@cfowler-desktop> <[email protected]> <1269976086.26509.19.camel@cfowler-desktop> <[email protected]>

On Tue, 2010-03-30 at 15:32 -0400, Dennis Ruzeski wrote:
> Many compromised systems I've seen with extX filesystems have the RO
> set at the fs level- Are you able to run a lsattr on the partition to
> see if it's read-only?

The system was fine until we rebooted it.  The customer received an
email from Level 3 in regards to port scans coming from the server.  It
was running our software just fine but the load average was too high and
memory usage was so bad programs were being killed but the kernel.

The reboot failed because the mount command could not be executed.  Proc
was not mounted and neither was anything else.  The FS was set to RO so
there was not much I could do.  

I could have had them burn a rescue CD and I could have restored mount
but it would have cost me too much time trying to figure out what all
had been done. 

System is back up and operational now on CentOS 5.4.  The old Fedora
Core 2 install is gone.

References:
- [ale] Forcing RW on boot
  - From: cfowler at outpostsentinel.com (Chris Fowler)
- [ale] Forcing RW on boot
  - From: brian at polibyte.com (Brian Pitts)
- [ale] Forcing RW on boot
  - From: cfowler at outpostsentinel.com (Chris Fowler)
- [ale] Forcing RW on boot
  - From: denniruz at gmail.com (Dennis Ruzeski)

Prev by Date: [ale] cabling and GA
Next by Date: [ale] cabling and GA
Previous by thread: [ale] Forcing RW on boot
Next by thread: [ale] Forcing RW on boot
Index(es):
- Date
- Thread