|
| ||
| samba deleted?!? hi guys, strange problem, I discovered samba has been deleted at no fault of my own. Just deleted..... I noticed the firewall was switched off too which is concerning. I must have switched the firewall off to test something and never turned it back on.. When linux loads it says it cannot load the smbclient and when i do rpm -q samba it says its not installed, but i have been using it for years.... could the firewall bieng off caused this problem by an external source or have i done something wrong.... any ideas? |
| ||
| Re: samba deleted?!? I guess your system could have been compromised if the firewall was off.. I dont know if your network is behind a firewall or not. the first place I usually look is at other priveleged users with access. accidental sabotage from within is a frequent occurance. if your system/network is wide open.. turn iptables back on. I would check the history for root and grep for 'rm' to attempt a culprit then check out /var/log/messages try 'rpm -qa | grep -i smb' or 'rpm -qa | grep -i samba' check for the existance of the smb executable. 'which smb' (as root) we know the init script exists and your system is attempting to start it at runtime maybe the binary is in the wring place or the permissions are wrong on /etc/samba/smb.conf if this file/directory is missing you may be able to recreate the directory then run system-config-samba to recreate smb.conf. (as root naturally) you could try this: 'man smbd' and look for a debuglevel switch (usually like -d0 or -d6 sometimes is -v ) and a foreground switch (dontfork option) tail /var/log/messages start samba manually as a foreground process (in debug mode, dont fork if you can) and check out the logs and the output Hope this helps, Cain |
| ||
| Re: samba deleted?!? thanks my friend. I have managed to reinstall samba and smb. I noticed another problem, when i enter top into the shell it returns: top:error while loading shared libraries: bject file: No such file or directory.. I checked the log files, wiped no record of anything before I reset the server and turned the firewall back on. The firewall I am using is firestarter..... can anyone recommend anything better that shows accepted connections too.. I am pretty sure the system was compromised - without a firewall the system was easier to hack than a hot knife through butter. My vnc password was probably the first possible password on any brute force password list. In addition I was running shared directories across the network. My only barrier was the firewall as it blocked these ports from the outside... so I thought not to worry... it wont happen.. but when I turned it off to test something..... bang anyway.... I am going to reinstall red hat and firewall and any logging/activity viewing programs around.... can anyone recommend any... I have done some searches but I dont know whats best.. once again thanks til |
| ||
| Re: samba deleted?!? iptables is a nice option. You can log the connections or hand shakes which happen to your box. Try getting syslog to log to a remote server. ./thanks ilaiy |
| ||
| Re: samba deleted?!? Yeah iptables is probably the way to go. I usually set them up in this order (i never use a deny statement with iptables this way the hacker gets zero feedback and doesnt make it to a login prompt) drop from all outside networks log from all outside networks drop ports from mysubdomaina (by ip e.g.) log ports from mysubdoamina allow my networks (by resolveable domainname e.g. *mydomain.com) then you can also use this with your hosts.allow and hosts.deny files first deny anything not from your networks then allow only from your networks by ip 10.1.1/24 or whatever the CIDR is .. you can also do it by subnetmask if im not mistaken. you can also set this to allow only from your resolveable networks *.mydomain.com enjoy Cain |
| All times are GMT -4. The time now is 6:35 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC