Page 1 of 2
root partition ständig voll
Posted: 2005-08-29 15:41
by tobiask
also folg. problem
die root partition / ist bei uns immer dauernt zu 100% voll
Code: Select all
/ ext3 /dev/hda1 100% 0.00 KB 509.52 MB 509.52 MB
was wird dort bei nem 1&1 rootie alles gespeichert?
und wie kann ich die leerer bekommen?
weil das gibt öfters fehler wenn er da net schreiben kann ...
kann man die vergrößern ohne daten zu verlieren?
wär um hilfe froh ...
system:
Code: Select all
Linux p15156934 2.4.25-040218 #1 SMP Wed Feb 18 17:59:29 CET 2004 i686 i686 i386 GNU/Linux
unsere restliche aufteilung sieht so aus:
http://mynickpage.de/userupload/Tobiask ... _Bild2.gif
Re: root partition ständig voll
Posted: 2005-08-29 16:18
by chris76
Schau doch als erstes mal nach was dir unter / den Platz frisst.
Dann kann man überlegen was man machen kann/sollte.
Re: root partition ständig voll
Posted: 2005-08-29 16:22
by tobiask
chris76 wrote:Schau doch als erstes mal nach was dir unter / den Platz frisst.
Dann kann man überlegen was man machen kann/sollte.
wie finde ich das raus, was da den ganzen platz wegnimmt?
hier nochma was zur hdd
Code: Select all
p15156934:/etc # fdisk -l /dev/hda
Disk /dev/hda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/hda1 1 66 530113+ 83 Linux
/dev/hda2 67 321 2048287+ 82 Linux swap
/dev/hda4 322 9729 75569760 5 Extended
/dev/hda5 322 959 5124703+ 83 Linux
/dev/hda6 960 1597 5124703+ 83 Linux
/dev/hda7 1598 9729 65320258+ 83 Linux
p15156934:/etc # df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda1 521748 521748 0 100% /
/dev/hda5 5119900 539500 4580400 11% /usr
/dev/hda6 5119900 3821344 1298556 75% /var
/dev/hda7 65312284 32144600 33167684 50% /home
tmpfs 253516 104 253412 1% /tmp
tmpfs 20480 0 20480 0% /dev/shm
Re: root partition ständig voll
Posted: 2005-08-29 16:27
by stefanpropehan
wie finde ich das raus, was da den ganzen platz wegnimmt?
Stefan
Re: root partition ständig voll
Posted: 2005-08-29 16:38
by tobiask
habs jetzt bissel anders gemacht, so:
Code: Select all
ls -lahS $(find / -type f -size +8000k)
das spuckt folgendes aus:
Code: Select all
-rw-r--r-- 1 root root 26G Aug 29 16:33 /home/htdocs/web1/log/access_log
-r-------- 1 root root 504M Aug 29 16:33 /proc/kcore
-rw-r--r-- 1 root root 330M Aug 29 16:33 /srv/www/confixx/html/webalizer/web1/dns_cache.db
-rw-r--r-- 1 root root 137M Aug 29 15:57 /home/htdocs/web6/log/access_log
-rw-r--r-- 1 root root 122M Apr 22 04:15 /home/backup/usr_web1_2.sql
-rw-r--r-- 1 root root 117M Aug 29 16:33 /var/log/apache2/access_log-20050827
-rw-rw---- 1 mysql daemon 117M Aug 29 16:33 /var/lib/mysql/usr_web1_1/log_adclicks_views.MYD
-rw-r--r-- 1 root root 114M Feb 21 2005 /home/backup/alles.sql
-rw-rw---- 1 mysql daemon 67M Apr 22 00:00 /home/mysqlbackup/usr_web1_2/toplist_log.MYD
-rw-rw---- 1 mysql daemon 24M Aug 29 16:10 /var/lib/mysql/usr_web1_2/userguestbook.MYD
-rw-r--r-- 1 spamd spamd 24M Aug 25 15:07 /var/lib/spamd/.razor/razor-agent.log
-rw-rw---- 1 mysql daemon 22M Aug 29 15:37 /var/lib/mysql/usr_web1_2/bb1_posts.MYD
-rw-rw---- 1 mysql daemon 21M Apr 21 21:48 /home/mysqlbackup/usr_web1_2/userguestbook.MYD
-rw-rw---- 1 mysql daemon 21M Apr 21 22:17 /home/mysqlbackup/usr_web1_2/bb1_posts.MYD
-rw------- 1 spamd spamd 20M May 13 14:35 /var/lib/spamd/.spamassassin/bayes_toks
-rw-rw---- 1 mysql daemon 19M Aug 29 16:32 /var/lib/mysql/usr_web1_1/log_adclicks.MYD
-rw-r--r-- 1 root root 16M Aug 29 15:11 /home/htdocs/web10/log/access_log
-rw-r--r-- 1 root root 13M Oct 2 2003 /usr/lib/libc.a
-rw-r--r-- 1 web1 ftponly 13M Aug 12 11:45 /home/htdocs/web1/html/schranz/cocktailabend.zip
-rw-r--r-- 1 web1 ftponly 13M Jul 17 16:30 /home/htdocs/web1/html/holland/kathi.zip
-rw-rw---- 1 mysql daemon 12M Aug 29 16:33 /var/lib/mysql/usr_web1_8/b_ipsperre.MYD
-rw-r--r-- 1 root root 10M Aug 29 16:27 /home/htdocs/web9/log/access_log
-rw-r--r-- 1 root root 9.8M Apr 22 04:15 /home/backup/usr_web1_1.sql
-rwxr-xr-x 1 root root 8.6M Aug 14 2004 /usr/lib/qt3/lib/libqt-mt.so.3.2.1
-rw-r--r-- 1 root root 8.2M Aug 27 11:08 /home/htdocs/web6/backup/html.tar.gz
-rw-r--r-- 1 root root 8.2M Aug 7 01:05 /var/lib/rpm/Packages
-rw-r--r-- 1 root root 8.2M Aug 3 2004 /var/lib/YaST2/you/mnt/i386/update/9.0/rpm/i586/samba-client-2.2.8a-220.i586.rpm
nur, was davon kann ich löschen bzw verkleinern?
was genau ist zb in /proc/kcore?
werden alte rpm packete gespeichert?, kann man die einfach löschen?
Re: root partition ständig voll
Posted: 2005-08-29 16:44
by stefanpropehan
Code: Select all
rw-r--r-- 1 root root 26G Aug 29 16:33 /home/htdocs/web1/log/access_log
Du solltest dir mal
logrotate zu Gemüt führen... 26 GB für eine Log Datei ist doch argh viel :-D
Re: root partition ständig voll
Posted: 2005-08-29 16:44
by pennybridge
Tobiask wrote:Code: Select all
-rw-r--r-- 1 root root 26G Aug 29 16:33 /home/htdocs/web1/log/access_log
wie wär es mal mit logs aufräumen?
26g, nicht schlecht
Re: root partition ständig voll
Posted: 2005-08-29 16:46
by tobiask
stefanpropehan wrote:Code: Select all
rw-r--r-- 1 root root 26G Aug 29 16:33 /home/htdocs/web1/log/access_log
Du solltest dir mal
logrotate zu Gemüt führen... 26 GB für eine Log Datei ist doch argh viel :-D
habs ma geleert, die wird eh zZ nie gebraucht, und leeren is ma ganz gut ^^
logrotate gug ich mir gleich an
jetzt siehsts so aus:
Code: Select all
-r-------- 1 root root 504M Aug 29 16:40 /proc/kcore
-rw-r--r-- 1 root root 330M Aug 29 16:40 /srv/www/confixx/html/webalizer/web1/dns_cache.db
-rw-r--r-- 1 root root 137M Aug 29 16:36 /home/htdocs/web6/log/access_log
-rw-r--r-- 1 root root 122M Apr 22 04:15 /home/backup/usr_web1_2.sql
-rw-rw---- 1 mysql daemon 117M Aug 29 16:40 /var/lib/mysql/usr_web1_1/log_adclicks_views.MYD
-rw-r--r-- 1 root root 114M Feb 21 2005 /home/backup/alles.sql
-rw-rw---- 1 mysql daemon 67M Apr 22 00:00 /home/mysqlbackup/usr_web1_2/toplist_log.MYD
-rw-rw---- 1 mysql daemon 24M Aug 29 16:10 /var/lib/mysql/usr_web1_2/userguestbook.MYD
-rw-r--r-- 1 spamd spamd 24M Aug 25 15:07 /var/lib/spamd/.razor/razor-agent.log
-rw-rw---- 1 mysql daemon 22M Aug 29 15:37 /var/lib/mysql/usr_web1_2/bb1_posts.MYD
-rw-rw---- 1 mysql daemon 21M Apr 21 21:48 /home/mysqlbackup/usr_web1_2/userguestbook.MYD
-rw-rw---- 1 mysql daemon 21M Apr 21 22:17 /home/mysqlbackup/usr_web1_2/bb1_posts.MYD
-rw------- 1 spamd spamd 20M May 13 14:35 /var/lib/spamd/.spamassassin/bayes_toks
-rw-rw---- 1 mysql daemon 19M Aug 29 16:40 /var/lib/mysql/usr_web1_1/log_adclicks.MYD
-rw-r--r-- 1 root root 16M Aug 29 15:11 /home/htdocs/web10/log/access_log
-rw-r--r-- 1 root root 13M Oct 2 2003 /usr/lib/libc.a
-rw-r--r-- 1 web1 ftponly 13M Aug 12 11:45 /home/htdocs/web1/html/schranz/cocktailabend.zip
-rw-r--r-- 1 web1 ftponly 13M Jul 17 16:30 /home/htdocs/web1/html/holland/kathi.zip
-rw-rw---- 1 mysql daemon 12M Aug 29 16:40 /var/lib/mysql/usr_web1_8/b_ipsperre.MYD
-rw-r--r-- 1 root root 10M Aug 29 16:27 /home/htdocs/web9/log/access_log
Re: root partition ständig voll
Posted: 2005-08-29 16:51
by chris76
Deine webs liegen im /srv und das ist unter / gemountet.
IMHO nicht sehr sinnvoll. Eine Große Datei ist die Webalizer DB und /proc/kcore, das ist ein Abbild des Speichers.
Alles unter /proc ist virtuell und vom Kernel "eingeblendet". Das belegt keinen Speicher.
Re: root partition ständig voll
Posted: 2005-08-29 16:53
by tobiask
chris76 wrote:Deine webs liegen im /srv und das ist unter / gemountet.
IMHO nicht sehr sinnvoll. Eine Große Datei ist die Webalizer DB und /proc/kcore, das ist ein Abbild des Speichers.
Alles unter /proc ist virtuell und vom Kernel "eingeblendet". Das belegt keinen Speicher.
wohin und wie kann ich das ummounten?
aba die webs liegen eigentlich in /home
nur das dumme confixx is da drin ...
logrotate muss ich ma was verfeinern, nur kann ich das grad nicht weil er mich in /etc net schreiben lässt weil is halt voll ^^
Re: root partition ständig voll
Posted: 2005-08-29 16:53
by stefanpropehan
Ahh sorry ganz übersehen das Home ja auf einer anderen Partition liegt... das hat also keinen Einfluss auf die Root Partition.
"/proc/kcore" ist eine Art "alias" für den Arbeitsspeicher in deinem Rechner... sollte denn Platz nicht wirklich physisch einnehmen.
Code: Select all
-rw-r--r-- 1 root root 330M Aug 29 16:33 /srv/www/confixx/html/webalizer/web1/dns_cache.db
Ist natürlich ganz schön Fett.. die kannst du Problemlos löschen, ist nur der Cache für das auflösen von IP Adressen in Domain Namen die später im Webalizer angezeigt werden.
Stefan
Re: root partition ständig voll
Posted: 2005-08-29 16:57
by tobiask
hab da jetzt einiges gelöscht, aber die / parti. is immernoch bei 100% ...
Code: Select all
p15156934:/etc # df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda1 521748 521748 0 100% /
/dev/hda5 5119900 539500 4580400 11% /usr
/dev/hda6 5119900 788128 4331772 16% /var
/dev/hda7 65312284 902824 64409460 2% /home
tmpfs 253516 132 253384 1% /tmp
tmpfs 20480 0 20480 0% /dev/shm
Re: root partition ständig voll
Posted: 2005-08-29 16:58
by Joe User
Tobiask wrote:wohin und wie kann ich das ummounten?
man mount (--bind/--move)
Re: root partition ständig voll
Posted: 2005-08-29 17:01
by tobiask
Joe User wrote:Tobiask wrote:wohin und wie kann ich das ummounten?
man mount (--bind/--move)
danke, nur wo kommen jetzt immernoch die 500 vollen mb auf / her ... *ratlos gug*
Re: root partition ständig voll
Posted: 2005-08-29 17:04
by chris76
Ich vermute mal das irgendein Script o.ä dein /etc volgemült hat (das hatte ich mal)
was spricht ein
Re: root partition ständig voll
Posted: 2005-08-29 17:07
by tobiask
chris76 wrote:Ich vermute mal das irgendein Script o.ä dein /etc volgemült hat (das hatte ich mal)
was spricht ein
also mit dem s kommt fehler, ohne das s
ganz oft sowas:
Code: Select all
Filesystem Size Used Avail Use% Mounted on
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
/dev/hda1 510M 510M 0 100% /
falls du ein du meintest ;)
dann das hier:
Code: Select all
p15156934:/etc # du -hs /etc/*
4.0K /etc/DIR_COLORS
4.0K /etc/HOSTNAME
4.0K /etc/SuSE-release
12K /etc/SuSEconfig
8.0K /etc/X11
4.0K /etc/aclocal_dirlist
0 /etc/adjtime
4.0K /etc/aliases
4.0K /etc/aliases.d
8.0K /etc/aliases.db
80K /etc/alsa.d
580K /etc/apache2
28K /etc/apt
4.0K /etc/at.deny
4.0K /etc/auto.master
4.0K /etc/auto.misc
8.0K /etc/bash.bashrc
4.0K /etc/bash_completion.d
4.0K /etc/chrootUsers
40K /etc/courier
12K /etc/cron.d
52K /etc/cron.daily
4.0K /etc/cron.hourly
4.0K /etc/cron.monthly
4.0K /etc/cron.weekly
4.0K /etc/crontab
8.0K /etc/csh.cshrc
4.0K /etc/csh.login
8.0K /etc/cups
8.0K /etc/default
0 /etc/defaultdomain
28K /etc/defkeymap.map
4.0K /etc/esd.conf
4.0K /etc/ethers
4.0K /etc/exports
4.0K /etc/fdprm
4.0K /etc/filesystems
36K /etc/fonts
4.0K /etc/fstab
4.0K /etc/ftpusers
24K /etc/gpm
4.0K /etc/group
4.0K /etc/group-
4.0K /etc/group.YaST2save
4.0K /etc/group.old
4.0K /etc/grub.conf
4.0K /etc/grub.conf.old
4.0K /etc/gshadow
4.0K /etc/gshadow-
4.0K /etc/gshadow.YaST2save
4.0K /etc/hbedv.key
4.0K /etc/host.conf
4.0K /etc/hosts
4.0K /etc/hosts.allow
4.0K /etc/hosts.deny
4.0K /etc/hosts.equiv
4.0K /etc/hosts.lpd
168K /etc/hotplug
8.0K /etc/httpd
4.0K /etc/hushlogins
4.0K /etc/inews_mail_gateway
376K /etc/init.d
4.0K /etc/inittab
8.0K /etc/inputrc
4.0K /etc/insserv.conf
4.0K /etc/ioctl.save
24K /etc/iproute2
4.0K /etc/issue
4.0K /etc/issue.net
8.0K /etc/java
4.0K /etc/krb5.conf
24K /etc/ld.so.cache
4.0K /etc/ld.so.conf
8.0K /etc/ldap.conf
4.0K /etc/lesskey
4.0K /etc/lesskey.bin
4.0K /etc/libiodbc
4.0K /etc/lic_info.txt
4.0K /etc/lilo.conf
4.0K /etc/localtime
8.0K /etc/login.defs
4.0K /etc/logindevperm
4.0K /etc/logrotate.conf
32K /etc/logrotate.d
12K /etc/ltrace.conf
4.0K /etc/lvmtab
4.0K /etc/lvmtab.d
140K /etc/lynx.cfg
0 /etc/magic
20K /etc/mail
4.0K /etc/mail.rc
8.0K /etc/mailcap
12K /etc/majordomo.cf
12K /etc/manpath.config
8.0K /etc/mime.types
16K /etc/modprobe.conf
4.0K /etc/modprobe.conf.local
16K /etc/modules.conf
16K /etc/modules.conf.-
4.0K /etc/modules.conf.local
4.0K /etc/motd
4.0K /etc/mtab
4.0K /etc/my.cnf
4.0K /etc/my.cnf.backup
4.0K /etc/mysqlaccess.conf
4.0K /etc/named.conf
4.0K /etc/named.conf.include
8.0K /etc/named.d
4.0K /etc/netgroup
4.0K /etc/networks
4.0K /etc/news
4.0K /etc/nntpserver
4.0K /etc/nscd.conf
4.0K /etc/nsswitch.conf
4.0K /etc/ntp.conf
24K /etc/openldap
7.6M /etc/opt
56K /etc/pam.d
4.0K /etc/papersize
4.0K /etc/passwd
4.0K /etc/passwd-
4.0K /etc/passwd.YaST2save
4.0K /etc/passwd.old
4.0K /etc/pear.conf
8.0K /etc/permissions
12K /etc/permissions.d
40K /etc/permissions.easy
4.0K /etc/permissions.local
44K /etc/permissions.paranoid
44K /etc/permissions.secure
40K /etc/php.ini
328K /etc/postfix
4.0K /etc/powerd.conf
28K /etc/ppp
4.0K /etc/procmailrc
8.0K /etc/profile
104K /etc/profile.d
4.0K /etc/profile.dos
8.0K /etc/protocols
4.0K /etc/qpopper.conf
4.0K /etc/quotagrpadmins
4.0K /etc/quotatab
4.0K /etc/raw
24K /etc/razor
0 /etc/razor-agent.log
0 /etc/rc.d
4.0K /etc/rc.d.README
12K /etc/rc.status
52K /etc/reoback
4.0K /etc/resmgr.conf
4.0K /etc/resolv.conf
4.0K /etc/resolv.conf.saved.by.dhcpcd
4.0K /etc/rndc.key
4.0K /etc/rpc
4.0K /etc/rsyncd.conf
4.0K /etc/rsyncd.secrets
16K /etc/samba
4.0K /etc/screenrc
4.0K /etc/securetty
36K /etc/security
304K /etc/services
4.0K /etc/shadow
4.0K /etc/shadow.YaST2save
4.0K /etc/shadow.old
4.0K /etc/shells
84K /etc/skel
4.0K /etc/smbautomount.conf
4.0K /etc/snmpd.conf
128K /etc/ssh
152K /etc/ssl
8.0K /etc/susehelp.d
384K /etc/sysconfig
4.0K /etc/syslog.conf
0 /etc/termcap
4.0K /etc/ttytype
4.0K /etc/uucp
8.0K /etc/vimrc
4.0K /etc/vsftpd.conf
8.0K /etc/vsftpd.conf.confixx-backup
4.0K /etc/warnquota.conf
24K /etc/webalizer.conf
4.0K /etc/wgetrc
4.0K /etc/xinetd.conf
68K /etc/xinetd.d
8.0K /etc/xml
4.0K /etc/youservers
4.0K /etc/yp.conf
4.0K /etc/yp.conf.sv
ich denke ma net das is am /etc liegt
das etc nur 12mb gesamt:
Code: Select all
p15156934:/etc # du -hs /*
5.0M /bin
5.7M /boot
316K /dev
12M /etc
873M /home
4.0K /html
14M /lib
4.0K /lost+found
16K /media
4.0K /mnt
41M /opt
du: `/proc': No such file or directory
61M /root
7.3M /sbin
38M /srv
4.0K /sys
148K /tmp
520M /usr
478M /var
Re: root partition ständig voll
Posted: 2005-08-29 17:11
by chris76
argl, ja ich meinte du und nich df :oops:
Re: root partition ständig voll
Posted: 2005-08-29 17:13
by tobiask
chris76 wrote:argl, ja ich meinte du und nich df :oops:
habs ja oben reineditiert!
confixx brauch zb 52mb -.-
Code: Select all
p15156934:~/confixx # du -hs /root/*
8.0K /root/CA
12K /root/bin
52M /root/confixx
4.0K /root/dead.letter
4.0K /root/log-the-traffic.sh
4.0K /root/mailheader
4.0K /root/mailheader2
4.0K /root/mailheader3
4.0K /root/mb.sh
4.0K /root/serverchk.sh
Re: root partition ständig voll
Posted: 2005-08-29 17:14
by Joe User
Hmm, Du meintest wohl eher:
Re: root partition ständig voll
Posted: 2005-08-29 17:16
by tobiask
Joe User wrote:
Hmm, Du meintest wohl eher:
siehe oben ;)
Re: root partition ständig voll
Posted: 2005-08-29 17:17
by stefanpropehan
Wenn ich mal alles auf deiner / (srv, sbin, root, opt, lib, etc, boot , bin)Partition zusammen rechne komme ich auf ~180MB, da stimmt doch etwas nicht.
Re: root partition ständig voll
Posted: 2005-08-29 17:21
by tobiask
stefanpropehan wrote:Wenn ich mal alles auf deiner / (srv, sbin, root, opt, lib, etc, boot , bin)Partition zusammen rechne komme ich auf ~180MB, da stimmt doch etwas nicht.
aba df sagt immernoch das hier:
Code: Select all
p15156934:~/confixx # df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda1 521748 521748 0 100% /
/dev/hda5 5119900 539500 4580400 11% /usr
/dev/hda6 5119900 790240 4329660 16% /var
/dev/hda7 65312284 905896 64406388 2% /home
tmpfs 253516 136 253380 1% /tmp
tmpfs 20480 0 20480 0% /dev/shm
warum dann ???
Re: root partition ständig voll
Posted: 2005-08-29 17:30
by stefanpropehan
Evtl. Besuch auf der Kiste gehabt? Lass mal ein chkrootkit laufen...
Stefan
Re: root partition ständig voll
Posted: 2005-08-29 17:40
by tobiask
stefanpropehan wrote:Evtl. Besuch auf der Kiste gehabt? Lass mal ein chkrootkit laufen...
Stefan
nicht das ich wüsste, haben nichts bemerkt, wurd auch nichts sofort sichtbares verändert.
chkrootkit sagt folgendes:
Code: Select all
p15156934:/tmp/chkrootkit-0.45 # ./chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not found
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.1/i586-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/libxml-enno/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/Quota/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/Logfile/Rotate/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/Proc/ProcessTable/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.1/i586-linux-thread-multi/auto/Net/IP/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/DBI/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Data/ShowTable/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Date/Manip/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Digest/SHA1/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Digest/HMAC/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Digest/Nilsimsa/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/HTML/Tagset/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/HTML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/IO/Stty/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/IO/Tty/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/IO/Socket/SSL/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Net/SSLeay/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Net/DNS/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Net/SNMP/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Parse/Yapp/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/URI/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/XML-DOM/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Expect/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Msql-Mysql-modules/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/XML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/XML/XQL/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/libwww-perl/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Compress/Zlib/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/razor-agents/.packlist /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/auto/Crypt/DES/.packlist /usr/lib/majordomo/.majorcool_default
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
INFECTED (PORTS: 465)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... /proc/2965/fd: No such file or directory
/proc/10264/fd/324: No such file or directory
/proc/10848/fd: No such file or directory
/proc/10849/fd: No such file or directory
/proc/11012/fd: No such file or directory
/proc/11378/fd: No such file or directory
/proc/11403/fd: No such file or directory
/proc/11404/fd: No such file or directory
/proc/11484/fd: No such file or directory
/proc/11579/fd: No such file or directory
/proc/11732/fd: No such file or directory
/proc/11733/fd: No such file or directory
/proc/12142/fd: No such file or directory
/proc/12148/fd: No such file or directory
/proc/12149/fd: No such file or directory
eth0: PF_PACKET(/sbin/dhcpcd)
Checking `w55808'... not infected
Checking `wted'... unable to open wtmp-file wtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: not found wtmp and/or lastlog file
Checking `chkutmp'... chkutmp: nothing deleted
Re: root partition ständig voll
Posted: 2005-08-29 17:58
by tobiask
was genau sagt
Code: Select all
Checking `bindshell'... warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
warning, got bogus unix line.
INFECTED (PORTS: 465)
mir das jetzt?
was kann ich tun?