Grex Helpers Conference

Item 115: Grex System Problems Item

Entered by i on Sun Dec 22 19:44:04 2002:

32 new of 251 responses total.


#220 of 251 by cross on Sat Mar 8 03:46:53 2003:

This response has been erased.



#221 of 251 by gull on Mon Mar 10 03:32:38 2003:

It hasn't been patched with the 'official' patch yet, at the very least.  So
it's probably vulnerable.

AFAIK there's no working exploit for this on SunOS (or any other OS)
yet, not that anyone should be reassured much by that.


#222 of 251 by jep on Mon Mar 10 17:34:56 2003:

Backtalk isn't responding but telnet is working fine.


#223 of 251 by mynxcat on Mon Mar 10 19:50:28 2003:

This response has been erased.



#224 of 251 by remmers on Mon Mar 10 21:02:33 2003:

Web server was probably down for some reason.


#225 of 251 by gull on Tue Mar 11 01:30:47 2003:

Incidentally, if you haven't already, you might want to email staff about
the sendmail thing.  They tend to read email a lot more often than they read
this item.


#226 of 251 by goose on Wed Mar 12 00:04:26 2003:

I tried the Backtalk interface today, and could not get the Abelone(sp?)
one to work, it just sat there.


#227 of 251 by jhudson on Thu Mar 13 16:44:22 2003:

They all just sit there for a while. Be patient. This screen took
2min to come up.


#228 of 251 by mynxcat on Thu Mar 13 18:59:54 2003:

This response has been erased.



#229 of 251 by russ on Fri Mar 14 02:44:29 2003:

Re #228:  That may not be Grex, it might be your browser (or web
proxy server) timing out more quickly than Grex responds.


#230 of 251 by mynxcat on Fri Mar 14 15:00:40 2003:

This response has been erased.



#231 of 251 by russ on Fri Mar 14 23:20:30 2003:

Almost no mail has been delivered today.  Something's wrong.


#232 of 251 by gull on Sat Mar 15 01:20:37 2003:

I've gotten a fair amount of mail.  About as much as I normally expect,
anyway.



#233 of 251 by davel on Sat Mar 15 01:35:28 2003:

Same here.


#234 of 251 by krokus on Sat Mar 15 21:55:06 2003:

The putty screen is still clearing, right after motd.  Hence, I can't
read motd, nor the new mail alert.


#235 of 251 by anderyn on Sat Mar 15 22:05:42 2003:

No mail here today either.


#236 of 251 by gelinas on Sun Mar 16 00:11:37 2003:

krokus, take a look at your termtype.  I've seen something like that with
vs100, I think it is.  I have to set my xterm's termtype to vt100 when
connecting to grex.


#237 of 251 by gull on Sun Mar 16 00:52:30 2003:

My screen has always cleared after login.


#238 of 251 by remmers on Sun Mar 16 02:52:11 2003:

One could make 'motd' the last line of one's .login or .profile.


#239 of 251 by krokus on Sun Mar 16 03:37:08 2003:

re 236
I can't change the emulation, as such. PuTTY only allows you to change
certain aspects of the interaction.

re 238
That was something I tried, but motd is displayed by the system, along
with the new mail status, prior to the .login or .profile.  (I know,
it can be displayed again.)


#240 of 251 by russ on Sun Mar 16 04:20:02 2003:

Re #234:  I believe that some tset or other commands clear the screen;
check your .login file for things you don't need.


#241 of 251 by gull on Sun Mar 16 05:13:09 2003:

I have .hushlogin set to prevent the motd from being displayed during
login.  The reason is I have a script in my .profile that diffs the motd
against what it was last time I logged in and displays just the changes.


#242 of 251 by remmers on Sun Mar 16 13:31:39 2003:

By the way, are you aware that the motd displayed by the system
on login, and by the motd command, displays more than just the
contents of the file /etc/motd?


#243 of 251 by gull on Sun Mar 16 17:27:31 2003:

I wasn't.  Why is that?


#244 of 251 by carson on Sun Mar 16 19:06:54 2003:

(are you aware that, if using a ssh client, the system does *not*
display more than the contents of /etc/motd?)  ;)


#245 of 251 by remmers on Sun Mar 16 21:25:38 2003:

(Yeah, I recently became aware of that.  I'm hoping that's
a problem that magically goes away when Grex moves to new
hardware and a modern, well-supported OS.)

Re #243:  I imagine it's so that parts of the login message
can be generated automatically without collisions.  For
example, the birthday part of the motd is in
/usr/local/lib/motd.birthday.  This file is regenerated
daily by a program that scans the birthday database and
selects people whose birthday matches the current date.
It would be unfortunate if the program wrote directly to
/etc/motd at the same time somebody was editing /etc/motd
manually.


#246 of 251 by gull on Mon Mar 17 13:41:32 2003:

For what it's worth, yesterday morning my IDS at work logged what
appeared to be an attempt to exploit the sendmail vulnerability
mentioned earlier in this message.  Unfortunately I didn't have full
logging turned on, so I can't say whether it had any shellcode attached
or whether the goal was just to crash sendmail on vulnerable servers.


#247 of 251 by keesan on Mon Mar 17 23:20:23 2003:

I dialed in and was told (twice)  Unable to find your tty (ttyu1) in uutmp
file.  What does this mean and what stupid thing did I do that caused it?
Bbs works anyway.


#248 of 251 by russ on Wed Mar 19 00:20:34 2003:

Mail still cannot be sent from wwnet.com to Grex.

It appears that Grex is applying an unreasonably strict definition
of what constitutes "legitimate conduct".  Shutting off spammers
is one thing; cutting ourselves off from major ISPs is quite another.


#249 of 251 by goose on Fri Mar 21 15:49:53 2003:

The ssh daemon must have died.  I can telnet in, but not ssh.


#250 of 251 by jhudson on Fri Mar 21 17:33:37 2003:

$ ps -ax | grep sshd
 1045 ?  IW    0:05 /usr/local/libexec/sshd
 1293 ?  S     1:44 /usr/local/libexec/sshd
 2212 ?  IW    0:04 /usr/local/libexec/sshd
 2763 ?  IW    0:05 /usr/local/libexec/sshd
 3372 ?  IW    0:03 /usr/local/libexec/sshd
 3569 ?  IW    0:02 /usr/local/libexec/sshd
 3664 ?  IW    0:02 /usr/local/libexec/sshd
 3989 ?  S     0:05 /usr/local/libexec/sshd
23951 ?  S     2:08 /usr/local/libexec/sshd
26686 ?  IW    0:26 /usr/local/libexec/sshd
27290 ?  IW    0:08 /usr/local/libexec/sshd
27652 ?  IW    0:12 /usr/local/libexec/sshd
28254 ?  IW    0:21 /usr/local/libexec/sshd
28434 ?  S     0:08 /usr/local/libexec/sshd
28706 ?  IW    0:09 /usr/local/libexec/sshd
 4292 qc S     0:00 grep sshd
$

It is running now.


#251 of 251 by tonster on Sat Mar 22 03:49:28 2003:

resp:250: not necessarily.  That output doesn't tell me if the main sshd
daemon is running or not.  All of those could very well just be user
sessions, and the main daemon could be dead so no new sessions could
start.
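
Added example (not part of the thread and not Grex's own tooling): one way to settle the question raised in resp:250 and resp:251 is to read the socket table instead of the process list, since only the main daemon holds a LISTEN socket on the ssh port while user sessions show up as ESTABLISHED. The function names and the netstat snapshots below are constructed for illustration, and the parsing assumes `netstat -an` output with the local address in the fourth column, in either BSD (`*.22`) or Linux (`0.0.0.0:22`) notation.

```shell
#!/bin/sh
# count_tcp PORT STATE: read `netstat -an` output on stdin and print how many
# TCP sockets with local port PORT are in STATE.
count_tcp() {
    awk -v port="$1" -v state="$2" '
        $1 ~ /^tcp/ && $NF == state {
            addr = $4                   # local address column
            sub(/^.*[.:]/, "", addr)    # keep only what follows the last "." or ":"
            if (addr == port) n++
        }
        END { print n + 0 }
    '
}

# sshd_state PORT: classify a netstat snapshot read from stdin.
#   accepting     - a listener exists, new logins can start
#   sessions-only - existing logins remain but nothing is listening
#   down          - neither listener nor sessions
sshd_state() {
    snapshot=$(cat)
    listeners=$(printf '%s\n' "$snapshot" | count_tcp "$1" LISTEN)
    sessions=$(printf '%s\n' "$snapshot" | count_tcp "$1" ESTABLISHED)
    if [ "$listeners" -gt 0 ]; then echo accepting
    elif [ "$sessions" -gt 0 ]; then echo sessions-only
    else echo down
    fi
}

# Constructed snapshot: the main daemon has died, two logins are still open.
sample_master_dead() {
cat <<'EOF'
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp        0      0  192.0.2.10.22      198.51.100.7.4021  ESTABLISHED
tcp        0      0  192.0.2.10.22      198.51.100.9.1188  ESTABLISHED
tcp        0      0  *.23               *.*                LISTEN
tcp        0      0  *.25               *.*                LISTEN
EOF
}

# Constructed snapshot: same host with the listener present (Linux notation).
sample_healthy() {
    sample_master_dead
    echo 'tcp        0      0  0.0.0.0:22         0.0.0.0:*          LISTEN'
}

sample_master_dead | sshd_state 22
sample_healthy | sshd_state 22
```

On a live host the same check is `netstat -an | sshd_state 22`.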

