Thread: Home directories gone?
01-02-2007, 06:54 PM #1
Home directories gone?
Need some advice regarding an issue on one of my servers.
Clients' home directories keep randomly being deleted. The accounts aren't terminated, just the home directories.
I've changed root pass etc, any other ideas what could be causing this?
01-02-2007, 06:57 PM #2
01-02-2007, 07:27 PM #3
Have you checked the permissions of the directories? Make sure they aren't somehow getting created with world-write/execute. Are any other directories missing or just the homes? Are the home directories on a separate disk from the rest of the OS? Possible data corruption? Have you checked your /var/log/messages?
Matt Bloom
AngryHosting - Load balanced/redundant shared hosting solutions
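The permission and missing-directory checks raised in the reply above, as an added example that is not code from any poster in this thread: it compares passwd entries against what is on disk and flags homes that are gone, homes that are world-writable, and parent directories (such as /home) that are world-writable without the sticky bit. The sample passwd text, the `root` parameter and the `min_uid=500` cutoff are assumptions.

```python
import os
import stat

# Constructed sample in /etc/passwd format (not data from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
bob:x:502:502::/home/bob:/bin/bash
carol:x:503:503::/home/carol:/bin/bash
"""

def audit_homes(passwd_text, root="/", min_uid=500):
    """Compare passwd entries with the directories actually on disk.

    root lets the check run against a mounted image or a test tree;
    min_uid=500 is an assumed cutoff for non-system accounts.
    """
    report = {"missing": [], "world_writable": [], "unsafe_parents": []}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed line
        user, uid, home = fields[0], int(fields[2]), fields[5]
        if uid < min_uid:
            continue
        try:
            mode = os.lstat(os.path.join(root, home.lstrip("/"))).st_mode
        except (FileNotFoundError, NotADirectoryError):
            mode = None
        if mode is None or not stat.S_ISDIR(mode):
            report["missing"].append((user, home))  # account exists, home gone
        elif mode & stat.S_IWOTH:
            report["world_writable"].append((user, home))
        # Deleting or renaming a directory entry is governed by the parent:
        # world-writable without the sticky bit lets any local user rename it away.
        parent = os.path.dirname(home.rstrip("/")) or "/"
        try:
            pmode = os.lstat(os.path.join(root, parent.lstrip("/"))).st_mode
        except (FileNotFoundError, NotADirectoryError):
            continue
        if (pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX
                and parent not in report["unsafe_parents"]):
            report["unsafe_parents"].append(parent)
    return report

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        print(audit_homes(fh.read()))
```

Run periodically and diffed against the previous report, the `missing` list gives a time window to correlate with /var/log/messages and shell history.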
01-03-2007, 08:59 PM #4
I've checked all that, /home is on the same disk drive as the OS. Even had PSM take a look; they can't see what's causing it. I've ordered a server reinstall now just in case there are any backdoors or anything.
01-03-2007, 09:13 PM #5
"Clients home directories keep randomly being deleted. The accounts aren't terminated, just the home directories."
What does history state?
Are the entire home directories (i.e. /home/client) being removed, or just contents inside of them?
Do these clients run any sort of scripts, and has it been verified that they are, in fact, up to date?
01-03-2007, 09:23 PM #6
It's random clients from random resellers.
None of them seem to all have one script installed.
The username doesn't exist in /home, the entire directory is disappearing.
01-03-2007, 09:35 PM #7
Before you go through with the reformat, I'd have a security audit done. This can (most of the time) determine what's wrong and where the problem is coming from. If, in fact, this is a rootkit (which it sounds like), then you're probably going to have to reformat ANYWAYS, but you want to try to find the root of the problem before you actually reformat.
Is your OS up to date? How about the kernel?
01-04-2007, 04:54 AM #8
If time permits, do a security audit just like linux-tech mentioned. If not, back up data and reformat. But then if there is a rootkit installed, and you back up the rootkit also, hehe, you will run into the same problem even though you format the server multiple times. I would strongly suggest you do a security audit.
- Increase your imagination dramatically but still learning more knowledge.