[asterisk-users] error in GUI access

asterisk asterisk asterisk at ck-lee.com
Fri Jul 1 17:34:28 CDT 2011


Hi,

I did not find any file with a or i with your suggested commands.

Any other clues?

CK

On Fri, Jul 1, 2011 at 6:23 PM, A J Stiles <asterisk_list at earthshod.co.uk>wrote:

> On Friday 01 Jul 2011, asterisk asterisk wrote:
> > I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it
> >
> > When using GUI to access, I got this error
> >
> > *** glibc detected *** /usr/sbin/asterisk: double free or corruption
> > (!prev): 0x0919c070 ***
> >
> > The server cannot be connected via GUI and the asterisk CLI dropped and
> > exit into linux command line.
>
> Ooo-er.  Last time I got an error like this, it turned out that the box had
> been compromised with a rootkit.
>
> Luckily, most rootkits give themselves away in trying to make themselves
> hard
> to detect / remove:  first they replace some system utilities  (which, on
> Debian, also breaks colour directory listings)  with specially munged ones
> (for instance, an ls command that will deliberately not show any of the
> rootkit's own extra files; a ps that will not show the extra processes; a
> netstat that will not show the rootkit's network connections; and so forth)
> and then they set the extended attributes on the new files to prevent them
> from being overwritten.  So checking extended attributes can give you a
> clue
> that all is not well.
>
> Try
>
> # lsattr /bin
> # lsattr /usr/bin
> # lsattr /sbin
> # lsattr /usr/sbin
>
> All files should have a row of - signs in the left hand column.  Any "a"
> or "i" in a file's attributes indicates that the file has had its extended
> attributes modified, and you should be suspicious.
>
> Note:  ignore any errors such as "lsattr: Operation not supported While
> reading flags on /bin/nc"  (this just means the file is a symbolic link,
> and
> these don't have extended attributes).
>
> --
> AJS
>
> Answers come *after* questions.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110702/d121fe1b/attachment.htm>


More information about the asterisk-users mailing list