From owner-freebsd-questions  Mon May 29 20: 4:16 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from home.offwhite.net (home.offwhite.net [156.46.35.30])
	by hub.freebsd.org (Postfix) with ESMTP id EB0F037B59F
	for <freebsd-questions@FreeBSD.ORG>; Mon, 29 May 2000 20:04:13 -0700 (PDT)
	(envelope-from brennan@offwhite.net)
Received: from localhost (brennan@localhost)
	by home.offwhite.net (8.9.1/8.9.3) with ESMTP id WAA96102;
	Mon, 29 May 2000 22:04:12 -0500 (CDT)
Date: Mon, 29 May 2000 22:04:12 -0500 (CDT)
From: BWS - Offwhite <brennan@offwhite.net>
To: EmailWeb@aol.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Users can't loggin now!
In-Reply-To: <dd.4f3196b.26643f6f@aol.com>
Message-ID: <Pine.BSF.4.21.0005292157210.93091-100000@home.offwhite.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Perhaps you were hacked, but also consider that you could have caused this
problem, or a hardware failure could be the cause.

You could have deleted a line in fstab by accident or perhaps messed up
the devices in some way.  Mistakes of all kinds happen to everyone.  If
things are really hosed, it is probably best to back it up and try to put
the server back together from past backups.

One way to determine how bad it is would be to boot into single user mode
and have a look around.  Once you are in, you will need to mount the
drives...

> fsck -p
> mount -u /
> mount -a -t ufs
> swapon -a

Once you have a good look around, try to find evidence of a
compromise.  If you can get the system working to a decent point, it would
be best to do a rebuild of the world to be sure all key binaries are
solid.  Do the rebuild after a fresh cvs sync.

But if you are worried about the security of the machine, simply do a
reinstall and go off backups.

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com

Microsoft: Will you get a macro virus today?
http://www.greasydaemon.com/noms/ <- Why avoid MS?

On Mon, 29 May 2000 EmailWeb@aol.com wrote:

> Dear FreeBSD,
>     My FreeBSD box was hacked cause of a vunerbailty in qmail and I can't 
> login remotly or at the console anymore 
> Only root console logins are possible
> It says can't find root directory
> 
> What directoryu should I chmod or what to fix the problem
> -Sean
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message