Date: Sat, 23 Dec 2000 19:40:44 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Edwin Groothuis <mavetju@chello.nl> Cc: mysql-freebsd <mysql-freebsd@home.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Weird /var behavior or was I hacked? Message-ID: <Pine.GSO.4.21.0012231938440.26603-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <20001221165506.F59674@d9168.upc-d.chello.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 21 Dec 2000, Edwin Groothuis wrote: > On Thu, Dec 21, 2000 at 09:44:34AM -0500, mysql-freebsd wrote: > > There is this huge difference between 767 MB reported occupied by df > > and 14 MB of the sum of all teh files. Looks as if somebody got > > in, made an invisible partition within /var. > > Looks like a daemon which has files still open although they don't > exist in the directory-table anymore. Reboot is one solution :-) > > The other option is to find the evil process which has still these > files open, use lsof (/usr/ports/*/lsof) for it: > /usr/local/sbin/lsof | grep var Or try http://tribble.ilrt.bris.ac.uk/~cmjg/unix/scripts/openfiles (usage: openfiles /var) no rocket science, it just finds open files which don't appear in the filesystem. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk Leverage that synergy! Ooh yeah, looking good! Now stretch - and relax. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.21.0012231938440.26603-100000>