  #1  
2nd February 2012, 15:05
hfr
yum update problem / do I have a security problem?

Hello,

Today I had a strange problem updating my CentOS 5.7 64-bit. The server is used for webhosting via ISPConfig 3 (-> perfect server guide).

Quote:
...
Dependencies Resolved

===============================================================================================
Package Arch Version Repository Size
===============================================================================================
Updating:
openssh-server x86_64 4.3p2-72.el5_7.5 updates 278 k

Transaction Summary
===============================================================================================
Install 0 Package(s)
Upgrade 1 Package(s)

Total size: 278 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-server 1/2
Error unpacking rpm package openssh-server-4.3p2-72.el5_7.5.x86_64
error: unpacking of archive failed on file /usr/sbin/sshd: cpio: rename

Failed:
openssh-server.x86_64 0:4.3p2-72.el5_7.5

Complete!

I looked at /usr/sbin/sshd ...

Quote:
[root@server ~]# ll /usr/sbin/sshd
-rwxrwxrwx 1 root apache 288592 12. Sep 2010 /usr/sbin/sshd

... and tried to change group, which did not work:

Quote:
[root@server sbin]# chgrp root /usr/sbin/sshd
chgrp: Ändern der Gruppe für /usr/sbin/sshd: Die Operation ist nicht erlaubt
(translation: operation is not permitted)

After a bit of searching I found a +i-Flag in ext-attributes:

Code:
[root@server ~]# lsattr /usr/sbin/sshd
----i-------- /usr/sbin/sshd

After disabling that, everything worked fine again:

Quote:
chattr -i /usr/sbin/sshd

Now I am wondering who/what set this flag in the ext3 attributes and who changed the group of sshd to apache. Might my server have been attacked successfully? I checked processes, open ports and chkrootkit but found nothing.

Does anybody have an idea what could have caused these oddities?

Best Regards
hans
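
The checks run by hand in the post above (mode, group, `lsattr`), plus an `rpm -V` comparison against the package database, collected into one script. This is an added example, not part of the original posts; `audit_binary` and `EXPECT_OWNER` are names made up here, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: check binaries for the anomalies reported in this thread.
# EXPECT_OWNER (numeric uid:gid) is an assumed knob; default is root:root.
# Needs GNU stat; lsattr and rpm are used only when they work for the file.
EXPECT_OWNER="${EXPECT_OWNER:-0:0}"

audit_binary() (            # subshell body keeps the variables local
    f=$1; findings=0
    [ -e "$f" ] || { echo "$f: missing"; exit 2; }

    # 1. Group- or world-writable mode (the post shows -rwxrwxrwx).
    mode=$(stat -c '%a' "$f")
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "$f: writable by group/other (mode $mode)"; findings=1
    fi

    # 2. Unexpected owner or group (the post shows group apache).
    owner=$(stat -c '%u:%g' "$f")
    if [ "$owner" != "$EXPECT_OWNER" ]; then
        echo "$f: owner uid:gid is $owner, expected $EXPECT_OWNER"; findings=1
    fi

    # 3. Immutable attribute, which blocked the package update in the post.
    attrs=$(lsattr -d "$f" 2>/dev/null | awk '{print $1}')
    case $attrs in
        *i*) echo "$f: immutable flag set ($attrs)"; findings=1 ;;
    esac

    # 4. Compare with the RPM database when a package owns the file.
    if command -v rpm >/dev/null 2>&1 && rpm -qf "$f" >/dev/null 2>&1; then
        v=$(rpm -Vf "$f" 2>/dev/null | awk -v p="$f" '$NF == p')
        if [ -n "$v" ]; then
            echo "$f: differs from package: $v"; findings=1
        fi
    fi

    [ "$findings" -eq 0 ]    # exit status 0 only when nothing was flagged
)

# Usage: sh audit.sh /usr/sbin/sshd /usr/bin/ssh ...
for f in "$@"; do audit_binary "$f"; done
```

On a host that may be compromised, `stat`, `lsattr`, `rpm` and the RPM database can themselves have been altered, so a clean result is only meaningful when the tools come from trusted media.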
  #2  
3rd February 2012, 12:25
falko

Did you run rkhunter?
__________________
Falko