[asterisk-users] Booting Error for /dev/kmem

Steve Edwards asterisk.org at sedwards.com
Thu Oct 29 16:29:21 CDT 2009


> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Torintino T
>
> Suddenly I found an error while booting, it says:
>
> Fuck: can't open /dev/kmem for read/write (2)

On Thu, 29 Oct 2009, Danny Nicholas wrote:

> You've been root-kit'ted.  Go into recovery mode and restore your files.

Any time you suspect that a box has been compromised the only solution is 
to pull the drives, replace them with fresh drives and install from the 
CD/DVD and your backups.

What if the cracker munged your recovery mode to erase the drives or to 
plant itself back into your recovered system?

You cannot trust any executable or script from the old drives.

If you need data from the old drives, mount them as "non-boot" drives, 
copy the data and then label them as compromised and put them on the shelf 
until you know you don't need anything from them and then re-format.

This assumes you aren't looking to go legal. Then you have to learn about 
"chain of custody" and preserving evidence.

You should also examine every host on your network as well as any system 
that "trusts" this host.

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
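
Added example (not part of the original message): one way to do the "mount them as non-boot drives, copy the data" step so that no executable or script from the old drive reaches the rebuilt system. The helper name `salvage_data`, the device `/dev/sdX1` and the mount point `/mnt/suspect` are assumptions, and the check covers only ELF binaries and `#!` scripts, so copied configuration files still need manual review.

```shell
# Assumed prerequisite (device and mount point are placeholders): attach the
# old drive as a secondary disk and mount it so nothing on it can execute:
#   mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/suspect

# salvage_data SRC DST   (hypothetical helper; needs sha256sum from coreutils)
# Copies regular files from SRC into DST/files, skips ELF binaries and "#!"
# scripts, forces mode 0644 on every copy, and records SHA-256 hashes.
salvage_data() {
    src=${1%/}
    dst=${2%/}
    mkdir -p "$dst/files" || return 1
    : > "$dst/MANIFEST.sha256"
    : > "$dst/SKIPPED.txt"
    # -type f without -L: symlinks are neither copied nor followed.
    find "$src" -type f -exec sh -c '
        src=$1; dst=$2; shift 2
        for f in "$@"; do
            rel=${f#"$src"/}
            # First four bytes as hex: 7f454c46 is ELF, 2321 is "#!".
            magic=$(od -An -tx1 -N4 "$f" | tr -d " \n")
            case $magic in
                7f454c46|2321*)
                    printf "%s\n" "$rel" >> "$dst/SKIPPED.txt"
                    continue ;;
            esac
            mkdir -p "$dst/files/$(dirname -- "$rel")"
            cp "$f" "$dst/files/$rel"
            # Never carry execute or setuid bits over from the old drive.
            chmod 644 "$dst/files/$rel"
            (cd "$dst/files" && sha256sum "./$rel") >> "$dst/MANIFEST.sha256"
        done
    ' sh "$src" "$dst" {} +
}
```

`SKIPPED.txt` lists what was left behind on the shelved drive, and `MANIFEST.sha256` lets you confirm later that the salvaged copies have not changed.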


