problem with fstab -> ROOTKITed

bmike101 at cox.net bmike101 at cox.net
Tue Mar 28 05:50:27 MST 2006


I ran a rootkit program and I reinstalled the OS.... 
unless....  perhaps the nasty is in my home partition. 
 
 
>  
> From: Technomage <technomage-hawke at cox.net> 
> Date: 2006/03/27 Mon PM 10:00:34 PST 
> To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
> Subject: Re: hda2 error -> problem with fstab 
>  
> I have been following this thread for a while. 
> something occurred to me just now:
>
> is there a possibility that the machine, in question, might be
> "infected" (rootkitted, etc) and that is what keeps reverting the drive map?
>  
> just a thought. 
>  
>  
> On Monday 27 March 2006 22:30, bmike101 at cox.net wrote: 
> > So are you saying that it should look like this: 
> > 
> > 
> > /dev/hda1 / ext3 noauto,users,exec 0 0 
> > #/dev/hda2 / ext3 defaults,noatime 1 1 
> > /dev/hda4 /home ext3 defaults,noatime 1 1 
> > /dev/sda1 swap swap sw,pri=1 0 0 
> > proc /proc proc defaults 0 0 
> > devpts /dev/pts devpts mode=0622 0 0 
> > none /proc/bus/usb usbdevfs defaults 0 0 
> > # Dynamic entries 
> > /dev/hda3 /data ext3 noauto,users,exec 0 0 
> > 
> > But what about the fact that these partitions were not
> > previously named this? Would this make a difference?
> > 
> > What about the 'Dynamic entries'? Does that mean/do 
> > anything? 
> > 
> >  Why is it behaving like this now and not before? 
> > 
> > > From: Jerry Davis <jdawgaz at cox.net> 
> > > Date: 2006/03/27 Mon PM 06:48:50 PST 
> > > To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
> > > Subject: Re: hda2 error
> > > 
> > > On Mon, 27 Mar 2006 18:08:32 -0800 <bmike101 at cox.net> wrote:
> > > > I figured something out! When I was asked for my fstab I
> > > > gave you all the fstab of the live cd. The fstab of the hd
> > > > was:
> > > > /dev/hda2 / ext3 defaults,noatime 1 1 
> > > > /dev/hda4 /mnt/hda4 ext3 defaults,noatime 1 1 
> > > > /dev/sda1 swap swap sw,pri=1 0 0 
> > > > proc /proc proc defaults 0 0 
> > > > devpts /dev/pts devpts mode=0622 0 0 
> > > > none /proc/bus/usb usbdevfs defaults 0 0 
> > > > # Dynamic entries 
> > > > /dev/hda3 /mnt/hda3 ext3 noauto,users,exec 0 0 
> > > > /dev/hda1 /mnt/hda1 ext3 noauto,users,exec 0 0 
> > > > 
> > > > I changed it to 
> > > > /dev/hda1 /mnt/hda1 ext3 noauto,users,exec 0 0 
> > > > #/dev/hda2 / ext3 defaults,noatime 1 1 
> > > > /dev/hda4 /mnt/hda4 ext3 defaults,noatime 1 1 
> > > > /dev/sda1 swap swap sw,pri=1 0 0 
> > > > proc /proc proc defaults 0 0 
> > > > devpts /dev/pts devpts mode=0622 0 0 
> > > > none /proc/bus/usb usbdevfs defaults 0 0 
> > > > # Dynamic entries 
> > > > /dev/hda3 /mnt/hda3 ext3 noauto,users,exec 0 0 
> > > > 
> > > > When I changed it I had so hoped that this would fix it
> > > > yet it did not!
> > > > What else do I need to do? 
> > > > 
> > > > for your information here is my setup: 
> > > > hda1 = root 
> > > > hda4 = home 
> > > > hda3 = data 
> > > 
> > > well you are ALL screwed up. the setup you intended to have and what
> > > if /dev/hda1 is root then you should have 
> > > /dev/hda1 / (not /mnt/hda1) 
> > > 
> > > if /dev/hda4 is home then you should have 
> > > /dev/hda4 /home (not /mnt/hda4) 
> > > 
> > > if /dev/hda3 is data then you should have 
> > > /dev/hda3 /data or /mnt/hda3 if that is where you want it
> > 
> > > where in the world did you get the above fstab from? 
> > > 
> > > Jerry 
> > > 
> > > > > From: <bmike101 at cox.net> 
> > > > > Date: 2006/03/27 Mon PM 05:19:18 PST 
> > > > > To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
> > > > > Subject: hda2 error
> > > > >
> > > > > How strange; it happened again. I reinstalled the OS and,
> > > > > as before, it loaded once. After it loads once and I
> > > > > shutdown it seems to think that hda2 is back. It is as if
> > > > > it won't accept hda1,3,&4 without 2. Does this make any
> > > > > sense? I'll reload from the hd and look at fstab (if I
> > > > > can).
> > > 
> > > -- 
> > > Hobbit Name: Pimpernel Loamsdown 
> > > Registered Linux User: 275424 
> > > 
> > > This email's random fortune: If our behavior is strict, we do not need
> > > fun!
> > > ---------------------------------------------------
> > > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > > To subscribe, unsubscribe, or to change your mail settings:
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>  
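
The root-entry problems discussed in this thread, written as a check over fstab text. This is an added example, not part of any poster's message; the function names `active_entries` and `check_root` are hypothetical, and the sample strings are excerpts of the three fstab versions quoted above.

```python
# Added example (not from the thread): flag problems with the root (/) entry in fstab text.
# Fields per fstab(5): device, mount point, type, options, dump, fsck pass.

def active_entries(text):
    """Parse uncommented fstab lines into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        f = line.split()
        if len(f) < 4:
            continue                      # malformed entry, ignored here
        entries.append({"dev": f[0], "mnt": f[1], "opts": f[3].split(","),
                        "passno": int(f[5]) if len(f) > 5 else 0})
    return entries

def check_root(text):
    """Return a list of findings about the entry that mounts /."""
    roots = [e for e in active_entries(text) if e["mnt"] == "/"]
    if not roots:
        return ["no active entry mounts /"]
    findings = []
    if len(roots) > 1:
        findings.append("more than one active entry mounts /")
    for e in roots:
        if "noauto" in e["opts"]:
            findings.append(f"{e['dev']}: root entry is marked noauto")
        if {"user", "users"} & set(e["opts"]):
            findings.append(f"{e['dev']}: root entry lets ordinary users mount it")
        if e["passno"] != 1:
            findings.append(f"{e['dev']}: fsck pass is {e['passno']}, root should be 1")
    return findings

# Excerpts of the three fstab versions quoted in the thread.
HD_ORIGINAL = "/dev/hda2 / ext3 defaults,noatime 1 1\n/dev/hda4 /mnt/hda4 ext3 defaults,noatime 1 1\n"
HD_CHANGED = "/dev/hda1 /mnt/hda1 ext3 noauto,users,exec 0 0\n#/dev/hda2 / ext3 defaults,noatime 1 1\n"
PROPOSED = "/dev/hda1 / ext3 noauto,users,exec 0 0\n#/dev/hda2 / ext3 defaults,noatime 1 1\n"

if __name__ == "__main__":
    for name, text in [("original", HD_ORIGINAL), ("changed", HD_CHANGED), ("proposed", PROPOSED)]:
        print(name, check_root(text) or "ok")
```
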


