problem with fstab -> ROOTKITed
bmike101 at cox.net
bmike101 at cox.net
Tue Mar 28 05:50:27 MST 2006
I ran a rootkit program and I reinstalled the OS....
unless.... perhaps the nasty is in my home partition.
>
> From: Technomage <technomage-hawke at cox.net>
> Date: 2006/03/27 Mon PM 10:00:34 PST
> To: Main PLUG discussion list
<plug-discuss at lists.plug.phoenix.az.us>
> Subject: Re: hda2 error -> problem with fstab
>
> I have been following this thread for a while.
> someone occurred to me just now:
>
> is there a possibility that the machine, in question,
might be
> "infected" (rootkitted, etc) and that is what keeps
reverting the drive map?
>
> just a thought.
>
>
> On Monday 27 March 2006 22:30, bmike101 at cox.net wrote:
> > So are you saying that it should look like this:
> >
> >
> > /dev/hda1 / ext3 noauto,users,exec 0 0
> > #/dev/hda2 / ext3 defaults,noatime 1 1
> > /dev/hda4 /home ext3 defaults,noatime 1 1
> > /dev/sda1 swap swap sw,pri=1 0 0
> > proc /proc proc defaults 0 0
> > devpts /dev/pts devpts mode=0622 0 0
> > none /proc/bus/usb usbdevfs defaults 0 0
> > # Dynamic entries
> > /dev/hda3 /data ext3 noauto,users,exec 0 0
> >
> > But what about the fact that these partitons were not
> > previously named this? Would this make a difference?
> >
> > What about the 'Dynamic entries'? Does that mean/do
> > anything?
> >
> > Why is it behaving like this now and not before?
> >
> > > From: Jerry Davis <jdawgaz at cox.net>
> > > Date: 2006/03/27 Mon PM 06:48:50 PST
> > > To: Main PLUG discussion list
> >
> > <plug-discuss at lists.plug.phoenix.az.us>
> >
> > > Subject: Re: hda2 error
> > >
> > > On Mon, 27 Mar 2006 18:08:32 -0800
> > >
> > > <bmike101 at cox.net> wrote:
> > > > I figured something out! When I was asked for my
fstab
> >
> > I
> >
> > > > gave you all the fstab of the live cd. The fstab
of
> >
> > the hd
> >
> > > > was:
> > > > /dev/hda2 / ext3 defaults,noatime 1 1
> > > > /dev/hda4 /mnt/hda4 ext3 defaults,noatime 1 1
> > > > /dev/sda1 swap swap sw,pri=1 0 0
> > > > proc /proc proc defaults 0 0
> > > > devpts /dev/pts devpts mode=0622 0 0
> > > > none /proc/bus/usb usbdevfs defaults 0 0
> > > > # Dynamic entries
> > > > /dev/hda3 /mnt/hda3 ext3 noauto,users,exec 0 0
> > > > /dev/hda1 /mnt/hda1 ext3 noauto,users,exec 0 0
> > > >
> > > > I changed it to
> > > > /dev/hda1 /mnt/hda1 ext3 noauto,users,exec 0 0
> > > > #/dev/hda2 / ext3 defaults,noatime 1 1
> > > > /dev/hda4 /mnt/hda4 ext3 defaults,noatime 1 1
> > > > /dev/sda1 swap swap sw,pri=1 0 0
> > > > proc /proc proc defaults 0 0
> > > > devpts /dev/pts devpts mode=0622 0 0
> > > > none /proc/bus/usb usbdevfs defaults 0 0
> > > > # Dynamic entries
> > > > /dev/hda3 /mnt/hda3 ext3 noauto,users,exec 0 0
> > > >
> > > > When I changed it I had so hoped that this would
fix
> >
> > it
> >
> > > > yet it did not!
> > > > What else do I need to do?
> > > >
> > > > for your information here is my setup:
> > > > hda1 = root
> > > > hda4 = home
> > > > hda3 = data
> > >
> > > well you are ALL screwed up. the setup you intended
to
> >
> > have and what
> >
> > > if /dev/hda1 is root then you should have
> > > /dev/hda1 / (not /mnt/hda1)
> > >
> > > if /dev/hda4 is home then you should have
> > > /dev/hda4 /home (not /mnt/hda4)
> > >
> > > if /dev/hda3 is data then you should have
> > > /dev/hda3 /data or /mnt/hda3 if that is where you
want
> >
> > it
> >
> > > where in the world did you get the above fstab from?
> > >
> > > Jerry
> > >
> > > > > From: <bmike101 at cox.net>
> > > > > Date: 2006/03/27 Mon PM 05:19:18 PST
> > > > > To: Main PLUG discussion list
> > > >
> > > > <plug-discuss at lists.plug.phoenix.az.us>
> > > >
> > > > > Subject: hda2 error
> > > > >
> > > > > How strange; it happened again. I reninstalled
the
> >
> > OS
> >
> > > > and,
> > > >
> > > > > as before, it loaded once. After it loads once
and I
> > > > > shutdown it seems to think that hda2 is back. It
is
> >
> > as
> >
> > > > if
> > > >
> > > > > it won't accept hda1,3,&4 without 2. Does this
make
> >
> > any
> >
> > > > > sense? I'll reload from the hd and look at fstab
(if
> >
> > I
> >
> > > > > can).
> > >
> > > --
> > > Hobbit Name: Pimpernel Loamsdown
> > > Registered Linux User: 275424
> > >
> > > This email's random fortune: If our behavior is
strict,
> >
> > we do not need
> >
> > > fun!
> > > ---------------------------------------------------
> > > PLUG-discuss mailing list -
> >
> > PLUG-discuss at lists.plug.phoenix.az.us
> >
> > > To subscribe, unsubscribe, or to change you mail
> >
> > settings:
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/
> >
> > plug-discuss
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change you mail
settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/
plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list -
PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail
settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/
plug-discuss
>
More information about the PLUG-discuss
mailing list