[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: All data gone AWOL

On 2002.10.21 19:27 Stephen C. Tweedie wrote:

On Mon, Oct 21, 2002 at 04:59:57PM +0100, Ian Leonard wrote:

> We have been using ext3 with numerous machines and they
> take quite a bit of abuse without incident. This morning I
> got a call to say that a power cut had rendered one box unbootable.
> Investigations revealed that the /boot partition was in good order.
> An fsck of / also showed things to be well - except that the partition
> was completely empty - except for /lost+found.
> It might appear that some one had created a new filesystem on it.
> However no one at that office would know how. Someone commented
> that this had happened before but not reported.

Sounds like it was done deliberately.  Is the box on the net?  Could
an intruder have done this to cover their tracks, for example?

I am told it wasn't connected to any network.

The other thing to check is to see if there is more than one partition
on the box which has been given the "/" label.

To follow up on this one, I have just received the disk. At one time it
had a root partition on it. I set the drive up as a slave and tried to mount
a partition. The partition table was trashed. I put it back (I knew
the numbers) and /boot was as expected. I mounted /. There was
one directory - lost+found. A quick look revelaled that the entire
contents of the disk were in there with the first element of the
path renamed to (I guess) the inode number.

I suppose I could recover the disk - but I'm not that keen.

I guess we have build/rebuild a hundred systems or so and this
has been reported once before. We are at the latter stages of a
development project so there is lot of abuse going on. I seem
to be the only one knows about the shutdown command.
Given that it was a power outage, it is possible that the power
failed again at a crucial stage. Also, as far as I know it shouldn't
have run fsck at boot time.

The distribution is RH 7.3 but with a 2.4.19 kernel.

Any comments would be welcome.

-- Ian Leonard eMail: ileonard ntlworld com Phone: +44 (0)1865 765273

Please ignore spelling and punctuation - I did.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]