[ale] server question

Sage morrigu_irm at springmail.com
Wed Jun 13 17:01:43 EDT 2001





> This is bizarre.  I'd place my bets on a getting-continually-worse faulty
> memory chip or motherboard or other primary hardware device.
> 
Or perhaps the system has been compromised and a trojan is eating up all
the resources?


If a trojan is the case, it's not showing up with 'top' or 'ps aux'. We've wondered that too.



If it's still using kernel 2.0.36 how many other crucial system
components have not been updated to fix security problems.  I seem to
recall that 2.0.37 or 2.0.38 (one of these) was released specifically to
fix a security problem with published exploits in the 2.0 tree.



Probably none. However, the system was hardened to a fare-thee-well when it was reinstalled. You can't even get into it directly. You have to ssh into another server to get into the main one. Ssh is the latest and greatest on the POS and the accessing server. *shrug* it could be anything.


> 
As I said with a kernel this old, I'd be concerned whether required
security releases of other packages have been applied to the system and
whether the exhibited problem is a side effect of being rooted.


Probably not. Their sysadmins are supposed to take care of that sort of thing...guess they got lax. We didn't want to patch a kernel that old, especially since they were sending us a new system anyway. Kernel rebuilds, as I'm sure you know, can be really touchy, and we were worried about the amount of downtime that may result from taking that route.


> > Question is; has anyone come across a problem like this, and was there a
> solution? It looks like it may be possible that the mysql processes aren't
> getting killed after users log out, but I may be wrong.
> 
I'd take a good look at your processes and make sure you can identify
them.  Make sure the system has not been compromised.



We will, although I suspect it's getting a little late for that.

Thank you for your suggestions, I really appreciate the feedback.

-Sage