Weird Network Manager Problem

Mike Dwiggins mike at azdwiggins.com
Sat Sep 25 17:11:50 UTC 2010


  On 9/25/2010 6:38 AM, JB wrote:
> some unrelated software package malfunctions ...
> You have to consider that you have been hacked, I guess. Normally you should
> take your machine offline until you understand what is the damage.
>
> I am only online long enough to test the ping

> Well, where do you get that info from ?
System/Administration/Network/
> Are you auto-configured by dhclient ?
Not supposed to be eth0 is set to Static IP
> Controlled by NetworkManager ?
Yes
> Automatically obtain IP address settings with DHCP ?
Again it is not set to
> Automatically obtain DNS info from provider ?
No
> Also, check:
> $ ps aux |grep -i dhc
> jb        6982  0.0  0.0   4360   708 pts/3    S+   15:21   0:00 grep -i dhc
> root     14415  0.0  0.0   2984   676 ?        S    06:13   0:00 /sbin/dhclient
> -d -4 -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf
> /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease -cf
> /var/run/nm-dhclient-eth0.conf eth0
>
> That's response on my system.
On mine

# ps aux|grep -i dhc
root      1047  0.0  0.1   2828  1192 ?        S    08:10   0:00 
/sbin/dhclient -d -4 -sf
/usr/libexec/nm-dhcp-client.action -pf
/var/run/dhclient-eth0.pid -lf 
/var/lib/dhclient/dhclient-15087fb0-92c7-40fe-ad3e-373bf0997205-eth0.lease 
-cf
/var/run/nm-dhclient-eth0.conf eth0
root      2349  0.0  0.0   4360   736 pts/1    S+   08:26   0:00 grep -i dhc
#

> Look at what kind of info you got last time:
> # less /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease
>
> Look at your own config settings:
> # less /var/run/nm-dhclient-eth0.conf
> That's perhaps from:
> # # ls -al /etc/dhclient-*
> -rw-r--r--. 1 root root 40 Feb 21  2010 /etc/dhclient-eth0.conf
> -rw-r--r--. 1 root root 40 Feb 21  2010 /etc/dhclient-wlan0.conf
>
on mine

# ls -al /etc/dhclient-*
ls: cannot access /etc/dhclient-*: No such file or directory
#

/etc/sysconfig/network-scripts/ifcfg-eth0  is as follows

# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
DNS1=68.2.16.30
GATEWAY=x.x.x.1
HWADDR=00:C0:9F:20:FF:BA
IPADDR=x.x.x.12
NETMASK=255.255.255.240
ONBOOT=yes
DNS2=68.1.203.30
TYPE=Ethernet
NM_CONTROLLED=yes
IPV6INIT=no
USERCTL=no
PREFIX=28
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03



At his point I am thinking about pulling the data for my Bind and Web 
pages and doing a scorched earth recovery.

If this was as I am beginning to think a hack just waiting for a reboot 
to pounce< I am not sure if my back-up is clean!




More information about the users mailing list