Weird Network Manager Problem
Mike Dwiggins
mike at azdwiggins.com
Sat Sep 25 17:11:50 UTC 2010
On 9/25/2010 6:38 AM, JB wrote:
> some unrelated software package malfunctions ...
> You have to consider that you have been hacked, I guess. Normally you should
> take your machine offline until you understand what is the damage.
>
> I am only online long enough to test the ping
> Well, where do you get that info from ?
System/Administration/Network/
> Are you auto-configured by dhclient ?
Not supposed to be eth0 is set to Static IP
> Controlled by NetworkManager ?
Yes
> Automatically obtain IP address settings with DHCP ?
Again it is not set to
> Automatically obtain DNS info from provider ?
No
> Also, check:
> $ ps aux |grep -i dhc
> jb 6982 0.0 0.0 4360 708 pts/3 S+ 15:21 0:00 grep -i dhc
> root 14415 0.0 0.0 2984 676 ? S 06:13 0:00 /sbin/dhclient
> -d -4 -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf
> /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease -cf
> /var/run/nm-dhclient-eth0.conf eth0
>
> That's response on my system.
On mine
# ps aux|grep -i dhc
root 1047 0.0 0.1 2828 1192 ? S 08:10 0:00
/sbin/dhclient -d -4 -sf
/usr/libexec/nm-dhcp-client.action -pf
/var/run/dhclient-eth0.pid -lf
/var/lib/dhclient/dhclient-15087fb0-92c7-40fe-ad3e-373bf0997205-eth0.lease
-cf
/var/run/nm-dhclient-eth0.conf eth0
root 2349 0.0 0.0 4360 736 pts/1 S+ 08:26 0:00 grep -i dhc
#
> Look at what kind of info you got last time:
> # less /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease
>
> Look at your own config settings:
> # less /var/run/nm-dhclient-eth0.conf
> That's perhaps from:
> # # ls -al /etc/dhclient-*
> -rw-r--r--. 1 root root 40 Feb 21 2010 /etc/dhclient-eth0.conf
> -rw-r--r--. 1 root root 40 Feb 21 2010 /etc/dhclient-wlan0.conf
>
on mine
# ls -al /etc/dhclient-*
ls: cannot access /etc/dhclient-*: No such file or directory
#
/etc/sysconfig/network-scripts/ifcfg-eth0 is as follows
# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
DNS1=68.2.16.30
GATEWAY=x.x.x.1
HWADDR=00:C0:9F:20:FF:BA
IPADDR=x.x.x.12
NETMASK=255.255.255.240
ONBOOT=yes
DNS2=68.1.203.30
TYPE=Ethernet
NM_CONTROLLED=yes
IPV6INIT=no
USERCTL=no
PREFIX=28
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
At his point I am thinking about pulling the data for my Bind and Web
pages and doing a scorched earth recovery.
If this was as I am beginning to think a hack just waiting for a reboot
to pounce< I am not sure if my back-up is clean!
More information about the users
mailing list