stef_204

  1. This is now all academical.... While trying to facilitate ssh'ing into box, I had user bypass router (could not set up router to forward ssh port 22, it just would not stick) and machine was connected directly to DSL modem. The DSL Modem has been previously set up as a Bridge to avoid double NAT (on top of Router NAT) which ended up leaving the machine completely exposed. It got port scanned and virus came in, gained root access, changed root password so I could not gain root privileges (so it turns out the "incorrect password" message in original post was accurate); and started port scanning other machines from that box, starting up as many as 100 ssh-scan processes, etc. I finally noticed all that, and shut the box down. I will have to reinstall from scratch, the Linux OS....from a Live CD. Live and learn, I suppose. Some things I would say: use a strong enough password for root, block ssh and only allow known IP addresses, never run machine without some type of firewall, etc. I couldn't really trust the box anymore after this attack, and really could not troubleshoot from a distance. So, I had remote user plug machine back into router so we have its firewall/NAT protection; burn a new Mandriva One KDE CD, install it on top of this messed up install, choose same mount points, and reformat everything, including rewrite GRUB to MBR. I was on the phone guiding the remote user, and was able to follow step by step by using this as a guide on my side (for the screenshots) and give instructions on each step. For the sake of simplicity, I used the same mount points, as existing. This box does not have much space on it, and has most of its HDD dedicated to Windows--so that is why so little room for Linux. I might change that once I have physical access to the box, but could not deal with partitioning with a newbie on the phone, at the moment. It's all back up now. One thing I will do is have user do a full update. I should disable postfix so that the original error does not reoccur. And I would still like to be able to ssh into box as the "sysadmin" and be able to troubleshoot the box, or update it, etc. from a distance. For that, I will need to find a way to set up the box on a static IP outside DHCP range inside the LAN, and then forward port 22 in router--I have not been able to figure that out yet; in a way to make it stick. I will then make sure that sshd_config disallows ssh login as root; and perhaps should even only allow certain "trusted" IPs--even though this may be counter-productive in the sense that if I move from a city to the next while on a business trip, I will not be able to ssh in box to allow IP, and cannot count on remote user to edit the config file. Perhaps, it is best to use some config of iptables? If so, how? I found this but I am not sure it is proper for Mandriva. And is rejecting any request that makes more than 3 new connections from same address every 5 minutes, really practical? Appreciate any further advice, if you can still spare any ;)
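Added example, not part of the original post: a simplified Python model of the limit asked about above (more than 3 new ssh connections from one address in 5 minutes are dropped), run over constructed traffic to show its effect on an administrator, a scanner and a script that reconnects quickly. The addresses and timings are made up, and the iptables lines in the comment are one common way to write such a limit, not a rule taken from the post.

```python
from collections import defaultdict, deque

# Modelled limit (the post's numbers): at most 3 NEW connections to port 22
# per source address in any 5-minute window. With iptables this kind of limit
# is commonly written with the "recent" match, for example:
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#            -m recent --set --name SSH
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#            -m recent --update --seconds 300 --hitcount 4 --name SSH -j DROP
# The function below is a simplified model of that behaviour, not the kernel's
# exact bookkeeping.
WINDOW = 300   # seconds
MAX_NEW = 3    # new connections allowed per source inside the window


def apply_limit(events, window=WINDOW, max_new=MAX_NEW):
    """events: (timestamp_seconds, source_ip) pairs for NEW ssh connections.
    Returns {source_ip: {"accepted": n, "dropped": n}}."""
    seen = defaultdict(deque)
    result = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for ts, src in sorted(events):
        stamps = seen[src]
        while stamps and ts - stamps[0] > window:
            stamps.popleft()            # forget attempts older than the window
        verdict = "accepted" if len(stamps) < max_new else "dropped"
        stamps.append(ts)               # dropped attempts count too, so a
        result[src][verdict] += 1       # persistent scanner stays blocked
    return dict(result)


def sample_events():
    """Constructed traffic, not taken from any real log."""
    admin = [(t, "198.51.100.7") for t in (0, 40, 900)]            # 3 logins
    scanner = [(10 + 2 * k, "203.0.113.50") for k in range(100)]   # guessing
    script = [(t, "198.51.100.9")                                  # scp loop,
              for t in (1000, 1010, 1020, 1030, 1040, 1345)]       # then retry
    return admin + scanner + script


if __name__ == "__main__":
    for src, counts in sorted(apply_limit(sample_events()).items()):
        print(src, counts)
```

In this model the scanner gets 3 password guesses per window instead of 100, the administrator's normal logins are untouched, and only the script that opens five connections in under a minute loses two of them until it waits out the window.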
  2. problem is back unfortunately.... "/" is again showing 100%. Once I ssh into user@ip, I cannot switch to su I get a password error message--but I am sure the pw is right since I changed it a few days ago to a very simple one (during an ssh session.)

     $ du -axk / | sort -nr | head -n 50
     du: cannot read directory `/etc/lvm/cache': Permission denied
     du: cannot read directory `/etc/skel/tmp': Permission denied
     du: cannot read directory `/etc/cups/ssl': Permission denied
     du: cannot read directory `/tmp/screens/S-root': Permission denied
     du: cannot read directory `/lost+found': Permission denied
     du: cannot read directory `/var/lib/mlocate': Permission denied
     du: cannot read directory `/var/lib/PolicyKit': Permission denied
     du: cannot read directory `/var/lib/nfs/statd': Permission denied
     du: cannot read directory `/var/lib/nfs/sm': Permission denied
     du: cannot read directory `/var/run/hald': Permission denied
     du: cannot read directory `/var/run/xdmctl/dmctl': Permission denied
     du: cannot read directory `/var/run/sudo': Permission denied
     du: cannot read directory `/var/run/PolicyKit': Permission denied
     du: cannot read directory `/var/run/ConsoleKit': Permission denied
     du: cannot read directory `/var/run/cups/certs': Permission denied
     du: cannot read directory `/var/lock/lvm': Permission denied
     du: cannot read directory `/var/tmp/kdecache-root': Permission denied
     du: cannot read directory `/var/cache/hald': Permission denied
     du: cannot read directory `/var/spool/at': Permission denied
     du: cannot read directory `/var/spool/cron': Permission denied
     du: cannot read directory `/var/spool/cups': Permission denied
     du: cannot read directory `/root': Permission denied
     du: cannot read directory `/.kde': Permission denied
     3888508 /
     2193976 /usr
     1191384 /usr/lib
     1006760 /dead.letter
     851296 /usr/share
     560500 /var
     489164 /var/log
     299528 /usr/lib/ooo-2.4
     191176 /usr/lib/ooo-2.4/program
     184968 /usr/share/locale
     127640 /usr/bin
     122840 /var/log/messages
     122328 /var/log/syslog
     121724 /var/log/user.log
     105328 /usr/lib/ooo-2.4/share
     104124 /usr/share/icons
     90984 /var/log/security.log
     82404 /usr/lib/aspell-0.60
     82372 /usr/share/foomatic
     82352 /usr/share/foomatic/db
     82332 /usr/share/foomatic/db/source
     69888 /usr/share/apps
     66948 /usr/share/fonts
     64424 /usr/lib/kde3
     62536 /lib
     61640 /var/lib
     61092 /usr/lib/python2.5
     58380 /usr/lib/mono
     55076 /usr/share/foomatic/db/source/opt
     51120 /usr/share/dict
     51112 /usr/share/dict/ooo
     50656 /usr/lib/seamonkey-1.1.9
     46208 /usr/lib/dri
     45556 /usr/lib/mono/gac
     44924 /usr/share/icons/crystalsvg
     42392 /var/lib/rpm
     40872 /usr/lib/ooo-2.4/share/template
     40856 /usr/lib/perl5
     40136 /usr/share/doc
     38888 /lib/modules
     38884 /lib/modules/2.6.24.4-desktop586-1mnb
     38748 /usr/lib/firefox-2.0.0.13
     36688 /usr/lib/python2.5/site-packages
     35392 /usr/lib/ooo-2.4/share/registry
     34564 /etc
     32172 /usr/lib/xorg
     32100 /usr/share/man
     31460 /usr/lib/ooo-2.4/share/registry/res
     30544 /usr/lib/xorg/modules
     30356 /var/log/security

     What is /dead.letter size 1006760 ???? Without root access, I really don't know how to again delete that file if needed, logs, etc.

     $ df
     Filesystem  Size  Used  Avail  Use%  Mounted on
     /dev/hda6   3.9G  3.8G  0      100%  /
     /dev/hda8   1.3G  240M  1012M  20%   /home
     /dev/hda1   12G   10G   1.3G   89%   /media/hd
     /dev/hda5   12G   9.7G  1.7G   86%   /media/hd2

     If I got root access, and cleaned up the logs, etc.; I could always do an urpmi --auto-update --auto to update the box--perhaps it would fix whatever problem by updating.... But without root access....
  3. You must be right on that ^^ So: "urpme -kdebase-kdm" and then "urpmi kdebase-kdm"? (Remember the remote box is Mandriva One [a great out of the box product, by the way]) Shouldn't affect any of the user settings as these are all in ~/.kde* etc.....
  4. Here is what I have done so far. I had user bypass the router and connect directly to DSL modem which I had previously set as a bridge (as opposed to NAT). I tried to have user rm -rf various crap as was suggested here ~/tmp and /var/log by giving user specific commands to type. I then had user service start sshd and finally was able to ssh into it as root but unable to as user. (This may have been for the fact that user had no password (and was set to autolog.) I don't know. I did notice that ssh does not seem to let you log in to a user with no password, and keeps asking you for one--even if you type <enter> with field blank. I also tried typing ! as password as I read that users with no passwords get assigned the ! character but I must have misread. Anyway, didn't work so had to log in as root.) I then went to ~/tmp and noticed it was NOT empty despite the fact user should have deleted everything there. So I deleted all. Including the lock of course. Just a simple rm -rf * I then went to /var/log and that was FULL. So deleted all there as well. I had done the du -axk / | sort -nr | head -n 50 as you suggested, and noticed /var/log was number 5 on the list.... It instantly went down to 89% (this is a dual boot WinXP/Mandriva One box) and much less than half is dedicated to Linux (unfortunately.) Could still not get KDM to run and had to write an etc/sysconfig/desktop with: DISPLAYMANAGER=kdm in it. I found and deleted the .DCOP* in ~, even though user had assured me no such files existed.... (I had told user to do ls -a). I am not sure this was totally necessary but had come up in the original error message. I then config'ed sshd to startup automatically at boot with a: chkconfig sshd on, so I could reboot remotely and log back on without user being there to restart sshd. I also had to remove the autologin option for user, and I added a password. I installed autocron and nano. 
I created a brand new user as a substitute for old user, should it prove necessary to migrate. If you haven't fallen asleep by now, read on ;) I then rebooted for the nth time; and kdm started up, showing both users (e.g. normal user account and other account I had just created.) Typed in user name and pw; and back in. All pretty much normal. Except for the fact that user still had some error message to check kdm log files which is here below--if anyone sees any clues to what else to fix, please let me know. <http://pastebin.ca/1312858> May not even be the right log file..... I dare not reboot the box now...! What could still be creating that error message to check kdm log file that Mandriva gave on last boot...? I don't think the one I posted in pastebin is the right error message.... (Feel free to ignore the parts that are not relevant such as the ssh bit, and focus on the kdm issue, error message at boot, etc.) Thanks for continued support--it is very helpful, and most appreciated ;)
  5. OK, I was able to ssh into box and deleted /var/log * and that cleared the 100% usage of "/" back down to 89% which is probably correct for this box. I got Konqueror going by having her type konqueror from root in terminal and she can browse.... However, KDE is not up and does not want to start. startx results in:

     # startx
     xauth: creating new authority file /root/.serverauth.5004
     Fatal server error:
     Server is already active for display 0
     If this server is no longer running, remove /tmp/.X0-lock and start again.
     Invalid MIT-MAGIC-COOKIE-1 keygiving up.
     xinit: Interrupted system call (errno 4): unable to connect to X server
     xinit: No such process (errno 3): Server error.

     She is logged in in level 5 but no GUI. I also found and deleted the .DCOP*, just in case but that may or may not have been necessary since networking was back on.... How can I solve this KDE not coming up? When using shutdown -r now to reboot, it reboots in level 5 but again, no GUI.....
  6. I looked at mine (KDE 3.5.9 on Free 2008.1 x86_64) and found them using:

     % locate .DCOP*
     /home/stef/.DCOPserver_localhost_:0
     /home/stef/.DCOPserver_localhost__0

     I could NOT find them with: % ls -option '.DCOP*' or ls -option '*DCOP*' I CAN see them with an % ls -a but not as above; I must be doing something wrong with the ls command.... Anyway, I will speak to user later on and tell her to delete the above files and reboot and will post back here.
  7. medo, tx for replying. Will do the above commands and post back here. I do not believe that in /home/user/ there are any .DCOP* files or *DCOP*, etc...... But will have user check again. Will post back here soon.
  8. Hi, on Mandriva One Spring (2008.1), all of a sudden, when booting, we are getting the error message: "cannot read network connection in /home/user/DCOPSERVER_localhost_0" A simple "df" shows "/" as 100% used (!!) No programs were installed or downloaded, etc.--so no particular additional bytes on the box were added by us between when box was working and not working (now.) Updates are disabled and box has NOT been updated via MCC or urpmi. Additionally, the box is stuck on the last DHCP IP address it was given by the router--I imagine because network services are not working at the moment. I imagine I cannot ssh into the box from my present location. I am far away from the box--different country at the moment, but there is a user at the box's location. I tried to have user go into /home/user and rm -rf *.log but did not help. Same for /etc/var/*.log I am at a loss for possible solutions. Can anybody please help?
  9. Yes, I think that possibly the conflict between the LAN and the DSL connection is what is causing the trouble.
  10. Keith, thanks for your reply but no. It is something that needs to be done within the Mandriva Control Center, under Networks.
  11. Mandriva One Spring KDE Hi, I need to set up an internet connection that uses PPPoE (with user name and password) in Mandriva One Spring KDE for a friend. I have tried using "create new connection" and choosing "DSL", etc.; but I can't seem to make it work in a stable manner. It worked once yesterday, and upon reboot, no longer works. It looks like the system wants to connect to the Internet automatically via the LAN (but it can't as the PPPoE is not set up on the default LAN connection that comes out of the box). At the moment, perhaps the 2 connections (the default LAN that comes setup out of the box during installation; and the DSL one I created) are in conflict each setup to automatically connect, etc. What do I need to do so that when my friend (complete newbie) boots into Mandriva One, it smoothly and automatically connects to the internet using PPPoE? Thanks.
  12. This has been resolved. https://mandrivausers.org/index.php?showtopic=47569
  13. Ixthusdan: Thanks for your feedback. See my reply above for the solution.
  14. lavaeolus: Hi, I'd love to completely erase the R&R partition but I am told that I would have trouble booting thereafter as the MBR of disk is written with special code that looks for the recovery partition. The problem is that, apparently, the Lenovo ThinkVantage Management software looks at MBR at each boot and tries to rewrite the MBR if it is not the "original" one--at least so I'm told by Lenovo and their website.... Which seems to indicate I would have to remove the ThinkVantage product completely to then be able to 1) remove/delete the recovery partition and 2) put GRUB in MBR.... BUT, as it is, the chainloading is now working as I found out the stall was due to lack of proprietary nVidia graphics driver. So the chainloading process had worked. I would be interested to know more how to really remove that R&R partition without causing unwanted negative effects on my T61. Thanks.