From owner-freebsd-questions@FreeBSD.ORG Sun Apr 29 18:09:56 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E5112106564A for ; Sun, 29 Apr 2012 18:09:56 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id A38BF8FC14 for ; Sun, 29 Apr 2012 18:09:56 +0000 (UTC) Received: by iahk25 with SMTP id k25so4499569iah.13 for ; Sun, 29 Apr 2012 11:09:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=HGW1+UcuQy+vuE8LHn8qXo34jhWBezW/pQojcbN1Dhk=; b=F2ADcSmIsDkiaYzKX7WbkZ7vuP+4efvdfxu549dAL9blA/OZDavl02xcUXJDppgn8K mBpSI+OhMzL2NX1L2I/h6BYiWx7uGACfp01prdG3742KX+uvp43pNiELrTD8QjBvlAEf JXxx49HUayQi0PGoajfcA9tLTve7oC1FrnUoZG6LYNds6y/uR5bJLg8hJAbLvL2wmQwV hH7Mv2hWUmmg2FvxzyDXz0Mjl7Y6jwyhJTxLv8uAT1/266xNOygyftmP9L6+IdwQ3Amu ZSPDK19/CkW/JQcfBrAM2eykgxF39AIlhSuFl6ahqvBjqJHGGnIjCYxzbiI+5tCo9ix0 lpCw== MIME-Version: 1.0 Received: by 10.42.142.71 with SMTP id r7mr1385124icu.7.1335722996195; Sun, 29 Apr 2012 11:09:56 -0700 (PDT) Sender: aimass@yabarana.com Received: by 10.231.74.138 with HTTP; Sun, 29 Apr 2012 11:09:56 -0700 (PDT) In-Reply-To: References: <201204281731.q3SHVaiM061997@mail.r-bonomi.com> <20120428200116.b2f5820e.freebsd@edvax.de> <4f9ced3a.f7WBDlsMkhxvy+eF%perryh@pluto.rain.com> <20120429103740.aa7df743.freebsd@edvax.de> Date: Sun, 29 Apr 2012 14:09:56 -0400 X-Google-Sender-Auth: _QMIUCOXhZpfk1r8OgZBYjnjO5E Message-ID: From: Alejandro Imass To: jb Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQk1r2BoKGY6L7tiZHp+a88T1xdd11Vzc0seFKriUaGJOV+2Igzm4cwKLFxAZua3Rho641aJ Cc: freebsd-questions@freebsd.org Subject: Re: UFS Crash and directories now missing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Apr 2012 18:09:57 -0000 On Sun, Apr 29, 2012 at 1:15 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >> ... >> And there was a log of a couple of ftp connections the same day this >> happened, the ONLY 3 messages before the reboot at about 6 pm and they >> were NOT from any of our customers. Here are the log entries: >> >> Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: >> host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 >> Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: >> Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname >> Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel >> ... > > What you should do right now is to get some recent general or security cd/dvd > with chkrootkit and rkhunter and run them from that external read-only media. > I would also suggest that you look over config files of all packages involved. > jb > Thanks! Will do, but I don't know of any FreeBSD and/or derived distros for security. Or can I use any Linux security distro? I remember reading about some trouble of Linux chkrootkit on FBSD.... Thanks, -- Alejandro > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"