Re: Drive Suddenly and Unexpectedly Full Problem

From: wbarwell (wbarwell_at_mylinuxisp.com)
Date: 10/09/05


Date: Sun, 09 Oct 2005 13:12:57 -0500

Paul Clay wrote:

> I left my computer on last night with nothing but Opera 8.x
> running. Woke up this morning and my Linux partition (which
> when I went to bed
> had 10 gigs free) was full. The computer is connected to the
> internet thru a wireless (wpa encrypted) connection to a router
> and a cable modem; maybe I got hacked.
>
> Anyhow, I guess I need to boot from a rescue disk and remove
> some files
> from the Linux partition so I can boot from the harddrive. Any
> suggestions on what file(s) might be the culprit(s) needing
> deleting?

Run df and look at the partitions; it should be obvious
which one is full. Man df. You may have had a DoS attack
designed to fill up a log file and thus a partition, for example.
Or somebody was using you to download porn and mp3s, not realizing
you had a small hard disk.
Check the temp files. Check /var/log/. Or you had a runaway
process that died and respawned and died again, filling the log
file and eventually the partition.
You will need to scan your log files to find out what happened.

> Or how to easily locate them? I thought I might scan the root
> directory and subdirectories to look for the biggest files on
> the system (though maybe my computer's problem is that the
> harddrive got populated with lots of little files).
>
> Any helpful suggestions would be most appreciated.
>
> P.S. What's a good Linux antivirus program? :=)

Make sure you are running a basic firewall and make sure
your root password is tough to guess. In several tests
of Linux systems by security experts, many fell to plain old
fashioned dictionary attacks on passwords.

Install chkrootkit.

Back up a basic, new install on CDs so you know you have a good
/etc/, /bin/ and so on.

A check in /var/log/syslog may help
find out what went on. Of course, if rooted, the incriminating
logs get deleted.

If you have been rooted, all the usual commands, ls and so on, are
set up to lie to you to hide the rootkits. It's nice to have it
on CD, clean and known good.

Man ifup and ifdown.

It's always nice to have a Knoppix CD on hand in times like this.
You can boot up and examine hard disks safely, and save home/
files to CD if you have indeed been rooted or suspect so.
Plus other useful things.

-- 
The official spokesman of the Foxes said
today that investigation into what happened
to the henhouse may be needed.
Cheerful Charlie
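The reply's advice (df to find the full partition, then look under /var/log and for the biggest files) as a script, added here as an example and not part of the original post. It builds a constructed sample tree under a temp directory so it runs offline; the helper names, the sample paths and the ROOT argument are assumptions, and on a real box you would pass the mount point df reports as full.

```shell
#!/bin/sh
# Added example, not from the original poster. Start with `df -h` to see
# which filesystem is at 100%, then run these helpers against that mount
# point. -xdev keeps find/du on one filesystem so a full / is not
# confused with a healthy /home mounted underneath it.

# report_usage ROOT N: the N largest directories and the N largest files.
report_usage() {
    root=$1; n=${2:-10}
    echo "== largest directories under $root (KiB) =="
    du -xk "$root" 2>/dev/null | sort -rn | head -n "$n"
    echo "== largest files under $root =="
    find "$root" -xdev -type f -size +1k -exec ls -ln {} + 2>/dev/null \
        | sort -k5,5rn | head -n "$n"
}

# largest_file ROOT: path of the single biggest regular file under ROOT
# (column 5 of `ls -ln` is the size in bytes; paths with spaces not handled).
largest_file() {
    find "$1" -xdev -type f -exec ls -ln {} + 2>/dev/null \
        | sort -k5,5rn | head -n 1 | awk '{print $NF}'
}

# recently_modified ROOT MINUTES: files written in the last MINUTES minutes,
# the quickest way to catch a log a respawning process is still filling.
recently_modified() {
    find "$1" -xdev -type f -mmin "-$2" 2>/dev/null | sort
}

# make_sample: constructed tree with one runaway 2 MiB "syslog" and a few
# small files, standing in for a real root filesystem.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/var/log" "$d/home/user" "$d/tmp"
    dd if=/dev/zero of="$d/var/log/syslog" bs=1024 count=2048 2>/dev/null
    dd if=/dev/zero of="$d/home/user/notes.txt" bs=1024 count=4 2>/dev/null
    : > "$d/tmp/empty"
    echo "$d"
}
```

Run `ROOT=$(make_sample); report_usage "$ROOT" 5; recently_modified "$ROOT" 10` to see the sample log surface at the top of both lists.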

