<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=656200500-29062006><FONT face=Verdana
color=#0000ff size=2>Im my case, the box is closed down so I dont think its an
intruder issue... Im puzzled...</FONT></SPAN></DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] <B>On Behalf Of </B>William
Piper<BR><B>Sent:</B> Wednesday, June 28, 2006 4:41 PM<BR><B>To:</B> Asterisk
Users Mailing List - Non-Commercial Discussion<BR><B>Subject:</B> Re:
[Asterisk-Users] asterisk shutdown<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=gmail_quote>On 6/28/06, <B class=gmail_sendername>Tzafrir
Cohen</B> <<A
href="mailto:tzafrir.cohen@xorcom.com">tzafrir.cohen@xorcom.com</A>>
wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On
Wed, Jun 28, 2006 at 04:39:29PM -0400, William Piper wrote:<BR>> The same
thing happened to me... I had to get a linux expert to take care of <BR>>
it for me.<BR>><BR>> I believe the files were either "libpam" or
"libss". They were telling<BR>> asterisk to shutdown. I believe they
deleted the files it that fixed it.<BR><BR>Is it following a glibc upgrade
or something? </BLOCKQUOTE>
<DIV> </DIV>
<DIV>I'm not sure what happened only that the answer had to do with those
files. Hell, I don't even know what the files do, all I know is that the files
were like a trojan and were masked as the name of a legitimate file. The
affect was the same as you are having though. </DIV><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Asterisk
is not linked with pam at all. libnss is the glibc name service<BR>switch
and has dynamically loading code. <BR><BR>><BR>> Tighten down your
firewall.<BR><BR>Could you be more specific?</BLOCKQUOTE>
<DIV> </DIV>
<DIV>This problem happened more than once to us. I believe someone
found a weekness in our system & found a way to access the server. We
setup tight iptables and changed passwords and it hasn't happened again.</DIV>
<DIV> </DIV>
<DIV>I don't even know if this is the same thing, but it took about 7 hours of
a linux guru to figure it out. I figure it couldn't hurt telling you about
it.</DIV>
<DIV> </DIV>
<DIV>bp</DIV><BR> </DIV><BR></BLOCKQUOTE></BODY></HTML>