[ale] Forcing RW on boot

Chris Fowler cfowler at outpostsentinel.com
Tue Mar 30 22:37:51 EDT 2010


On Tue, 2010-03-30 at 15:32 -0400, Dennis Ruzeski wrote:
> Many compromised systems I've seen with extX filesystems have the RO
> set at the fs level- Are you able to run a lsattr on the partition to
> see if it's read-only?


The system was fine until we rebooted it.  The customer received an
email from Level 3 in regards to port scans coming from the server.  It
was running our software just fine but the load average was too high and
memory usage was so bad programs were being killed by the kernel.

The reboot failed because the mount command could not be executed.  Proc
was not mounted and neither was anything else.  The FS was set to RO so
there was not much I could do.  

I could have had them burn a rescue CD and I could have restored mount
but it would have cost me too much time trying to figure out what all
had been done. 

System is back up and operational now on CentOS 5.4.  The old Fedora
Core 2 install is gone.




