[K12OSN] Re: Random system crashes: Linux gurus, what would you do?

Carl Keil carl at snarlnet.com
Fri Dec 23 00:22:13 UTC 2005

On Tue, 2005-12-20 at 22:51, Carl Keil wrote:

>> I believe that my 
>> computer was broken into via webmin right before all this started 
>> happening(there was an unauthorized login as root from a church in 
>> town), but I couldn't find any signs of damage, other than my computer 
>> crashed the next day. 
Les Mikesell wrote: 
>Chances are that parts of your system have been replaced, including
>versions of ls, ps, and netstat that keep you from seeing
>anything different.  You might try the rootkit hunter
>http://www.rootkit.nl/projects/rootkit_hunter.html to
>see if it can identify anything, but the safest approach
>would be to reinstall from scratch.

I tried the rootkit hunter and it turned up absolutely no trace of a rootkit.  I know this isn't definitive, but I think I'm going to cross my fingers and hope for the best.  I've changed the root password, and now I turn webmin on via ssh when I need it and shut it down when I'm through.  Thanks for suggesting this program.  I'm beginning to suspect that the hacking and the crashing are just an odd coincidence.  

Eric Harrison Wrote:
>One thing that happens late at night are the jobs in /etc/cron.daily/
>Some of these jobs can chew up a lot of memory.
>You might want to run memtest on this box to see if you have a bad
>stick of ram.

This was it!  I ran memtest and it turned up 4000 errors on one stick of ram before it was even 30% through.  I replaced that stick and I've 2 days of uptime since.  Yay!  Thank you very much.  

Happy Holidays!


More information about the K12OSN mailing list