Moritz Grimm wrote:
I cannot do that - the box is over 500KM away from me.
Well, okay, but calling the ISP for help in case of DoS is still
something you should do - if the source(s) of the attack come from a
reasonably small portion of the 'net, they can null-route those
networks, giving the rest of your customers a chance to continue to
use your service... at least until they change the attack vector, but
I guess it's too early to tell how sophisticated those assholes are.
The attack comes from Romania... it's from a single IP. I blocked the
IP address with a "pf" rule and the attacks stopped. It was just
really annoying when I was getting all that console output.
But the "pkill syslogd" seems a reasonable thing to do, but how do I
set it back again?
This is what /etc/rc does:
    echo 'starting system logger'
    rm -f /dev/log
    if [ "X${named_flags}" != X"NO" ]; then
        rm -f /var/named/dev/log
        syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
    fi
    if [ -d /var/empty ]; then
        rm -f /var/empty/dev/log
        mkdir -p -m 0555 /var/empty/dev
        syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
    fi
    syslogd ${syslogd_flags}
One other problem I have is my "ps" doesn't work, but that problem is
going to be fixed in my next scheduled upgrade.
That sounds like your kernel and userland are out of sync. Not a good
idea on a production machine ...
I know - and intend to fix it as soon as I can get a few days off of
work to drive the 400 KM to upgrade it.
I have a few friends who help me administer it. I just have to arrange
a time when we can drive up to upgrade it. Unless it's possible to
restore the binaries without having direct access to the box, and
hopefully not get locked out.
I'm a bit new at this so the shell script you sent me is interesting,
but I'm going to have to study it some more... I just want to know how
to restore it.... do I have to execute that script to restore it? Or
am I supposed to look at the script and figure out what commands to
type in to restore it?
John