On Wed, May 7, 2008 at 11:52 AM, Paul Pruett <[EMAIL PROTECTED]> wrote: > What things should I check to fix mknod, short of format hard drive?
You should back up user data, scrub, and reinstall. At this point, you don't really know what was done to break your system and have no reason to be confident that there aren't other things broken that you just don't know about yet. If you actually want to have any confidence that this machine won't spontaneously fail or that it hasn't been compromised in some way, then reinstall. (I mention "compromised" only because mknod will fail with the "Invalid argument" error if run inside a chroot. If some malicious party or practical joker has taken over your machine, hacking the rc scripts to run most stuff inside a chroot would be one way to try to hide the traces. Done properly, tools will be hacked to return lies consistent with that, so there's no guaranteed way to be able to detect the condition, but you could try by checking things like a) does "ls -li /" show the root directory has having inode #2? b) does "fstat | grep ' root'" show _only_ the priv-sep daemons? c) does "fsdb -f /dev/rwd0a" let you browse a directory tree that matches what you see with ls, all the way down to inode numbers and most timestamps? If any of those answer "no", then you've been hacked. If not, however, you still don't know.) Philip Guenther