samba deleted?!?
Join Date: Jul 2005
Posts: 2
Hi guys,
Strange problem, I discovered samba has been deleted at no fault of my own. Just deleted.....
I noticed the firewall was switched off too, which is concerning. I must have switched the firewall off to test something and never turned it back on..
When Linux loads it says it cannot load the smbclient, and when I do rpm -q samba it says it's not installed, but I have been using it for years....
Could the firewall being off have caused this problem by an external source, or have I done something wrong.... any ideas?
I guess your system could have been compromised if the firewall was off.. I
don't know if your network is behind a firewall or not. The first place I usually
look is at other privileged users with access. Accidental sabotage from within
is a frequent occurrence.
If your system/network is wide open.. turn iptables back on.
I would check the history for root and grep for 'rm'
to attempt to find a culprit,
then check out /var/log/messages.
Try 'rpm -qa | grep -i smb' or 'rpm -qa | grep -i samba'.
Check for the existence of the smb executable:
'which smb' (as root)
We know the init script exists and your system is attempting to start it at
runtime. Maybe the binary is in the wrong place or the permissions are wrong
on /etc/samba/smb.conf.
If this file/directory is missing you may be able to recreate the directory then
run system-config-samba to recreate smb.conf (as root, naturally).
You could try this:
'man smbd' and look for a debuglevel switch (usually like -d0 or -d6,
sometimes it is -v) and a foreground switch (dontfork option)
tail /var/log/messages
Start samba manually as a foreground process (in debug mode, don't fork if
you can) and check out the logs and the output.
Hope this helps,
Cain
I used up all my money on you baby...
... and I want it BACK.
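An added example (not part of the original reply) of the history check suggested above: it scans a shell history file for commands that delete or uninstall Samba. The function names, the constructed sample history, and the use of /root/.bash_history as root's history file are assumptions.

```shell
#!/bin/sh
# Added example: triage a shell history for commands that remove Samba.
# Heuristic only: it splits on ; | & and does not understand shell quoting.

# Print "line: kind: command" for each rm / rpm -e / yum remove that names
# samba or smb. Reads the file given as $1, or stdin if none is given.
# Exit status is 0 when at least one hit is found, 1 otherwise.
scan_history() {
    awk '
    {
        n = split($0, cmds, /[;|&]+/)
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            sub(/^[ \t]+/, "", c); sub(/^sudo[ \t]+/, "", c)
            kind = ""
            if (c ~ /^rpm[ \t]+(-[a-zA-Z]*e[a-zA-Z]*|--erase)([ \t]|$)/) kind = "rpm-erase"
            else if (c ~ /^yum[ \t]+(remove|erase)([ \t]|$)/) kind = "yum-remove"
            else if (c ~ /^rm[ \t]/) kind = "rm"
            if (kind != "" && tolower(c) ~ /samba|smb/) {
                printf "%d: %s: %s\n", NR, kind, c
                hits++
            }
        }
    }
    END { exit (hits ? 0 : 1) }' "${1:--}"
}

# Constructed sample history (not taken from the thread).
sample_history() {
    cat <<'EOF'
ls -l /etc/samba
cd /tmp && rpm -e samba samba-common
rm -rf /tmp/build
sudo rm -f /etc/samba/smb.conf; service smb restart
EOF
}

# Demo on the sample; on a real host: scan_history /root/.bash_history
sample_history | scan_history
```

An empty result is not proof of anything: history files are trivially edited, so treat hits as leads and a clean scan as inconclusive.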
Join Date: Jul 2005
Posts: 2
thanks my friend. I have managed to reinstall samba and smb.
I noticed another problem: when I enter top into the shell it returns:
top:error while loading shared libraries:
bject file: No such file or directory..
I checked the log files, wiped, no record of anything before I reset the server and turned the firewall back on.
The firewall I am using is firestarter..... can anyone recommend anything better that shows accepted connections too..
I am pretty sure the system was compromised - without a firewall the system was easier to hack than a hot knife through butter. My VNC password was probably the first possible password on any brute force password list. In addition I was running shared directories across the network. My only barrier was the firewall as it blocked these ports from the outside... so I thought not to worry... it won't happen.. but when I turned it off to test something..... bang
Anyway.... I am going to reinstall Red Hat and a firewall and any logging/activity viewing programs around.... can anyone recommend any... I have done some searches but I don't know what's best..
once again thanks
til
Yeah iptables is probably the way to go.
I usually set them up in this order (I never use a deny statement with iptables,
this way the hacker gets zero feedback and doesn't make it to a login prompt)
drop from all outside networks
log from all outside networks
drop ports from mysubdomaina (by ip e.g.)
log ports from mysubdomaina
allow my networks (by resolvable domain name e.g. *mydomain.com)
then
you can also use this with your hosts.allow and hosts.deny files:
first deny anything not from your networks, then allow only from your networks
by ip 10.1.1/24 or whatever the CIDR is .. you can also do it by subnet mask if I'm not
mistaken.
You can also set this to allow only from your resolvable networks
*.mydomain.com
enjoy
Cain
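An added example (not part of the original post) of a default-drop INPUT ruleset along the lines described above, plus a check for LOG rules that can never fire. iptables stops at the first terminating target and LOG is non-terminating, so the LOG rule sits before the DROP; the function names, log prefix and rate limit are assumptions, and 10.1.1.0/24 is the post's sample network written out in full.

```shell
#!/bin/sh
# Added example: generate a default-drop ruleset and lint its LOG ordering.

# Emit an INPUT ruleset in iptables-restore format for one trusted CIDR.
build_ruleset() {
    trusted=$1
    # Accept only dotted-quad/prefix input so nothing else reaches the rules.
    printf '%s\n' "$trusted" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $trusted -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and print each LOG rule that cannot fire because a
# terminating rule with the same match, or with no match at all, precedes it
# in the same chain. Heuristic, not a full reachability analysis.
# Exit status is 1 if any such rule is found, 0 otherwise.
unreachable_logs() {
    awk '
    $1 == "-A" {
        chain = $2; target = ""; spec = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            spec = spec " " $i
        }
        if (target == "LOG") {
            if (term[chain, spec] || term[chain, ""]) { print; bad = 1 }
        } else if (target ~ /^(ACCEPT|DROP|REJECT)$/) {
            term[chain, spec] = 1
        }
    }
    END { exit bad + 0 }'
}

# Demo. To syntax-check on a real host (as root):
#   build_ruleset 10.1.1.0/24 | iptables-restore --test
build_ruleset 10.1.1.0/24 | unreachable_logs && echo "every LOG rule is reachable"
```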