[asterisk-users] Strange Issue: asterisk deleted

Antoine Megalla aatef at rocketmail.com
Thu Nov 27 03:11:36 CST 2014


Yes I did, and there is nothing about asterisk in the /var/log folder

I am starting to think that the server on compromised.


Sent from my iPhone

On Nov 27, 2014, at 11:09 AM, Thorsten Göllner <tg at ovm-group.com> wrote:

> Did you take a look at /var/log/syslog?
> 
> Am 26.11.2014 21:08, schrieb Antoine       Megalla:
>> Hi,
>> 
>> I looked for asterisk in /usr/sbin using the commands ls and find and whereis and it was not there.
>> 
>> I know that the process is killed because when I start asterisk using the command asterisk -vvvvc it starts and then it exits and the word killed is wrote on the console.
>> 
>> Ever time I copy a new executable to /usr/sbin either using cp command or make install it gets deleted too.
>> 
>> Now I used the strace command on asterisk and I can clearly see at the end of the strace the line : killed by SIGKILL 
>> This means that something or someone is actually and purposely killing asterisk but I do not know what or who is doing that also I know that I am the only user on the system.
>> 
>> Again any indicators to solve this very weird issue are welcomed.
>> 
>> Regards,
>> Antoine Megalla
>> 
>> Sent from my iPhone
>> 
>> On Nov 26, 2014, at 6:12 PM, Thorsten Göllner <tg at ovm-group.com> wrote:
>> 
>>> 
>>> Am 26.11.2014 11:37, schrieb Antoine Megalla:
>>>> Hi,
>>>> 
>>>> I am struggling with  a very strange issue I have been facing for the past week;
>>>> I have a fresh install of CENTOS 5.11 and I have installed asterisk 1.8.32 form sources.
>>>> The asterisk installation went fine but as soon as I start asterisk executable it loads everything and then after the "Ready" line the process gets killed and when I try to run it again i get: /usr/sbin/asterisk : command not found
>>>> 
>>>> I cleaned the source and re-installed asterisk and again the same thing happened again !!!
>>>> I downloaded asterisk versions 1.4, 11, 12 and compiled them from sources and installed them (make install) and amazingly, the same thing happened to all of them: I do a "make" then "make install" and as soon as I start asterisk the process is killed and the executable removed from /usr/sbin.
>>>> 
>>>> I tried to look a the asterisk log files but I cannot find a single error in them.
>>>> Also if it was really deleted how did bash know that asterisk is supposed to be located in /usr/sbin/asterisk ?
>>>> 
>>>> I tried to copy the executable myself after compilation (everything done as root) to the /usr/sbin and again if it runs then it is deleted.
>>>> 
>>>> If someone can explain to me this behavior or advise me on what to check to resolve this issue, then I would be grateful.
>>> 
>>> Hi,
>>> 
>>> you write "Also if it was really deleted .." - did you looked at it via "ls /usr/sbin/asterisk"?
>>> 
>>> You compiled asterisk (make / make install) as root I think. Perhaps access rights are not set properly? root is owner but you try to start the daemon as "normal" user?
>>> 
>>> You write "the process is killed". Where do you now? Did you get a message on your terminal? Did you take a look at /var/log/syslog?
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20141127/7903c187/attachment.html>


More information about the asterisk-users mailing list