General discussion

Locked

Possible Virus Infection or OS event

By stefanj ·
I have a client who operates a 20 node network with a server appliance call Nexserver by Syrinex. www.syrinex.com

This box uses a Linux 2.0 based OS. Recently aproximatley 90 percent of the data file on it's drive have been switched to READ ONLY. There are no features in the OS to make changes to the attributes of all files at one time. This activity is suspicious enough to warrant the search for a virus. Well...no viruses turned up in the scan. Tell me what you think. I have engineers at Syrinex trying to figure this on out to no avail.

Good Luck and Thanks

Stefan Wynn Jones
ACE-TECH COMPUTER
412-221-8005 EXT 107

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Possible Virus Infection or OS event

by jesalyer In reply to Possible Virus Infection ...

I think you're looking at either a security issue or a flat-out employee goof-up over at the client's. Viruses are not the only thing that can eat data like Pac-man eats dots.

I probably would not have thought these unkind thoughts, except you yourself used the word 'suspicious'.

jeff s
spanish helpdesk technician

Collapse -

Possible Virus Infection or OS event

by stefanj In reply to Possible Virus Infection ...

The question was auto-closed by TechRepublic

Collapse -

Possible Virus Infection or OS event

by McKayTech In reply to Possible Virus Infection ...

I can't comment on the Syrinex implementation of Linux but I run a server based on the Linux 2.0.36 kernel and one certainly can make changes on large numbers of files by running CHMOD recursively.

The other thought I had is that there is a default set of file permissions determined by the umask. If the umask got set to establish read-only permissions as the default, then all new files created after that point would be read-only.

My guess would be the ubitquitous "Operator Error". I know that as a Net Admin, I should be more paranoid and suspicious but I try not to attribute to malevolence that which was only ignorance. But I would want to re-visit the permissions and pay particular attention to the integrity of the root account.
paul

Paul M. Wright, Jr.
McKay Technologies

Collapse -

Possible Virus Infection or OS event

by stefanj In reply to Possible Virus Infection ...

The question was auto-closed by TechRepublic

Collapse -

Possible Virus Infection or OS event

by jpereira In reply to Possible Virus Infection ...

Partitions can be mounted read only as well. This is usually only if something goes horribly wrong, e.g. it fails to fsck and somebody deliberately mounts it to recover the data.

This is probably not your problem because you'd expect to see all sorts of horrible problems other than just "all the files are read only."

Collapse -

Possible Virus Infection or OS event

by stefanj In reply to Possible Virus Infection ...

The question was auto-closed by TechRepublic

Collapse -

Possible Virus Infection or OS event

by mutated In reply to Possible Virus Infection ...

The most probable cause for this is someone using a chmod -R (recusive)by mistake, I would check everyone who has access to this .bash_history first to see if you can find evidence of this here. It is also possible that this has been done malicously, so if you find no evidence in .bash_history you may want to review your other system logs

Collapse -

Possible Virus Infection or OS event

by stefanj In reply to Possible Virus Infection ...

The question was auto-closed by TechRepublic

Collapse -

Possible Virus Infection or OS event

by stefanj In reply to Possible Virus Infection ...

This question was auto closed due to inactivity

Back to Linux Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums