[Asterisk-Users] asterisk shutdown
Anton Krall
akrall-lists at intruder.com.mx
Wed Jun 28 17:05:52 MST 2006
Im my case, the box is closed down so I dont think its an intruder issue...
Im puzzled...
_____
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of William Piper
Sent: Wednesday, June 28, 2006 4:41 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] asterisk shutdown
On 6/28/06, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
On Wed, Jun 28, 2006 at 04:39:29PM -0400, William Piper wrote:
> The same thing happened to me... I had to get a linux expert to take care
of
> it for me.
>
> I believe the files were either "libpam" or "libss". They were telling
> asterisk to shutdown. I believe they deleted the files it that fixed it.
Is it following a glibc upgrade or something?
I'm not sure what happened only that the answer had to do with those files.
Hell, I don't even know what the files do, all I know is that the files were
like a trojan and were masked as the name of a legitimate file. The affect
was the same as you are having though.
Asterisk is not linked with pam at all. libnss is the glibc name service
switch and has dynamically loading code.
>
> Tighten down your firewall.
Could you be more specific?
This problem happened more than once to us. I believe someone found a
weekness in our system & found a way to access the server. We setup tight
iptables and changed passwords and it hasn't happened again.
I don't even know if this is the same thing, but it took about 7 hours of a
linux guru to figure it out. I figure it couldn't hurt telling you about it.
bp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060628/343f138e/attachment.htm
More information about the asterisk-users
mailing list