Forum OpenACS Q&A: Response to Help! no SSH Telnet Access

Posted by MaineBob OConnor on

Hi Joh,
Here is a condensed version of top without the redundancies:

nsatgn   1064   0:00 top
root      300   7:51 init
root        0   1:41 kflushd
root        0   7:05 kupdate
root        0   0:00 kpiod
root        0   3:53 kswapd
root        0   0:00 mdrecoveryd
rpc       248   0:00 portmap
nobody      0   0:03 identd
nobody      0   0:06 identd <defunct>
daemon     56   0:00 atd
root      120   0:02 crond
root        0   0:00 mingetty
postgres  348   0:51 postmaster
nsamain  6880   0:00 nsamain
nsaerc    27M   0:01 nsaerc
root      420   9:58 master
postfix  1328   2:25 qmgr
nsatgn    48M   0:02 nsatgn
root     1028   0:00 xinetd
root      668   0:00 in.telnetd
root     1392   0:00 bash
root      616   0:14 syslogd
root      820   0:00 klogd
postfix   812   0:00 pickup
postgres 5208   1:02 postmaster

I killed the identd but it won't die!
kill -9 349
The prompt returns, and on running top again it's still there.

Now a hint that a cracker may be at work.. 😟 The RH7.0 server has been up for 208 days, yet the files in /etc/rc3.d are ALL timestamped earlier today except for ...postgres and s99local. The files in other directories rc1..2..4..5..6 are all dated with the server birthdate. I don't see anything else out of the ordinary but I may not be looking in the right places...

So now onto doing an extensive backup...... for the worst case...
Any suggestions for making a backup, that will be easy to restore?

I've backed up the pg data but what about a complicated virtual system (Jerry's)... I'm tarring the whole /web tree that contains the multiple systems and.... oops tar just crashed... on /web due to:
tar: Error exit delayed from previous errors
The tar file got to 139 Megabytes before failing... I guess I'll have to do it in pieces....
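
Added example, not part of the original post: one way to run the timestamp comparison described above over every rc directory instead of judging by eye. The function names and the rule of treating the most common date as the baseline are assumptions made for this sketch.

```python
# Added example: flag rc*.d entries whose date differs from the rest (names are hypothetical).
import os
import sys
import time
from collections import Counter

def scan_rc_dirs(etc="/etc"):
    """Map each entry in etc/rc0.d..rc6.d to (mtime, ctime) of the entry itself."""
    entries = {}
    for n in range(7):
        d = os.path.join(etc, "rc%d.d" % n)
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            st = os.lstat(path)  # lstat: rc entries are usually symlinks
            entries[path] = (st.st_mtime, st.st_ctime)
    return entries

def day(ts):
    return time.strftime("%Y-%m-%d", time.localtime(ts))

def outliers(entries, use_ctime=False):
    """Return (baseline_day, {path: day}) for entries off the most common day."""
    # mtime can be reset with touch; ctime cannot be set that way, so check both.
    idx = 1 if use_ctime else 0
    days = {p: day(t[idx]) for p, t in entries.items()}
    if not days:
        return None, {}
    baseline = Counter(days.values()).most_common(1)[0][0]
    return baseline, {p: d for p, d in days.items() if d != baseline}

def per_directory(entries, flagged):
    """Return {directory: (flagged_count, total_count)}."""
    summary = {}
    for path in entries:
        d = os.path.dirname(path)
        hit, total = summary.get(d, (0, 0))
        summary[d] = (hit + (path in flagged), total + 1)
    return summary

if __name__ == "__main__":
    found = scan_rc_dirs(sys.argv[1] if len(sys.argv) > 1 else "/etc")
    for label, use_ctime in (("mtime", False), ("ctime", True)):
        base, odd = outliers(found, use_ctime)
        print("%s baseline %s" % (label, base))
        for d, (hit, total) in sorted(per_directory(found, odd).items()):
            print("  %s: %d of %d entries off baseline" % (d, hit, total))
```

The baseline is a majority vote, so it only means "install date" while most entries are untouched; if most of them have changed, the flagged set is the unchanged minority instead.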