[00:01] <TJ-> knoxy: pastebin the output of "env"
[00:02] <knoxy> LD_PRELOAD=/lib/lib__mdma.so.1
[00:03] <knoxy> I just need to remove the entries from grub... I can remove the files *3.8.0* from /boot and run update-grub ?
[00:03] <markthomas> stetho: I just did this successfully: rsync -v rsync://us.archive.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_7.4-2012.04.orig.tar.bz2 .
[00:03] <TJ-> knoxy: Have you recently edited a bashrc script, either /etc/profile or /root/.bashrc or similar? Because that error is usually caused by having a bash variable definition that has spaces either side of the "="
[00:04] <knoxy> # some more ls aliases
[00:04] <knoxy> alias ll='ls -alF'
[00:04] <knoxy> alias la='ls -A'
[00:04] <knoxy> alias l='ls -CF'
[00:04] <knoxy> ?
[00:04] <knoxy> no
[00:05] <TJ-> knoxy: show us a pastebin of "env" please
[00:10] <knoxy> http://paste.ubuntu.com/6665794/
[00:18] <markthomas> knoxy: looking...
[00:19] <TJ-> knoxy: What is this "lib__mdma.so.1" ? Is it a custom library you've built?
[00:26] <knoxy> TJ-, no, this is an "unknown" library
[00:26] <knoxy> if I move this library to another folder, for example, all commands stop (ls, pwd, ps, and more)
[00:27] <knoxy> when I move this file to another folder, I can restore the machine using SCP to move from target folder to previous folder...
[00:28] <knoxy> because all commands (including mv) stop working
[00:29] <knoxy> I don't know what lib__mdma.so.1 is
[00:29] <knoxy> when I run "ls" in /lib... I can't see this file
[00:30] <knoxy> when I run ls -l, then I see this file
[00:30] <TJ-> knoxy: I can't find any references to it on the 'net ... I suspect it could be part of a rootkit
[00:30] <knoxy> du -sh /lib/lib__mdma.so.1 - access denied
[00:31] <knoxy> TJ- I talked several times about this file here
[00:32] <knoxy> TJ- no one could tell me what it is
[00:32] <knoxy> TJ- I already suspected it was part of a rootkit
[00:32] <knoxy> TJ- to disable this file, can I disable it from the "env" variables?
[00:32] <TJ-> knoxy: Seriously, you need to rebuild that machine and secure it! make sure no other systems are re-infecting it, ensure your local PC isn't part of the problem
[00:33] <TJ-> knoxy: I would guess if it is a root-kit that other files have been compromised. You need to do a clean rebuild.
[00:33] <knoxy> TJ- I checked all processes, users, folders, rkhunter runs, and I can't see the rootkit or any other similar problem
[00:34] <knoxy> TJ- Yes, this server will be reinstalled, but all files (my php application) need to be migrated
[00:35] <TJ-> Can you do "objdump -t /lib/lib__mdma.so.1" and show the output to us via a pastebin?
[00:36] <knoxy> TJ- yes, but the datacenter is migrating this server to another rack, please wait
[00:36] <knoxy> I'm waiting for the reply
[00:38] <knoxy> TJ- on my Zimbra ZCS server (ubuntu) this week, I found 3 files in /var/tmp
[00:39] <knoxy> TJ- because a 0day remote exploit for Zimbra has been published
[00:39] <knoxy> I removed the files and blocked port 7071 for Zimbra Admin
[00:40] <knoxy> the files:
[00:40] <knoxy> root@srv001:~/exploits# ls
[00:40] <knoxy> meep.pl  minerd32  minerd64
[00:40] <knoxy> does anyone know these files?
[00:41] <knoxy> ?
[00:44] <knoxy> minerd64 and minerd32 are used for bitcoin?!
[00:44] <bekks> knoxy: Someone is using your server for bitcoin mining.
[01:00] <knoxy> bekks, these files I found on my Zimbra ZCS server
[01:00] <knoxy> bekks, the url for 0day exploit is http://www.exploit-db.com/exploits/30085/
[01:01] <knoxy> bekks, I don't know if the server is used for more things
[01:01] <bekks> knoxy: Yeah. Someone is exploiting your server. Backup important data, reinstall your server from scratch.
[01:02] <knoxy> bekks, I've other servers and will find other exploits and dangerous files
[01:02] <bekks> Or get the datacenter guys to investigate further, for juridical actions.
[01:02] <knoxy> bekks, my contract is restricted to just using the infra of the DC
[01:03] <knoxy> bekks, datacenter guys don't have access to my servers
[06:42] <aarcane> Does anybody know how to force DKMS to rebuild a module it says is already built?
[06:48] <Neytiri> this is sort of an odd question, but how would I use box A as ddos protection for box B.  both boxes are on the public internet but on different subnets and different datacenters
[10:37] <stetho> Does anyone know if ubuntu servers rate limit you or block you in other ways?
[15:19] <balachmar> Hi, I am looking for some documentation how to set up a multisite config for drupal using the ubuntu packages
[17:38] <markthomas> stetho: I don't believe there is any kind of rate limit.  Large Ubuntu clouds mirror the mirrors just as you are attempting to do.
[18:23] <aarcane> on ubuntu 12.04.3 with kernel 3.5.0-43-generic and openvswitch (A setup I have working on two other systems at present)  I get the following error when starting a guest in libvirt:
[18:23] <aarcane> Unable to add bridge br0 port vnet0: No such process
[18:23] <aarcane> Google provides no helpful results, and I'm unable to glean anything from the logs.
[18:39] <TJ-> aarcane: See https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Virtualization_Host_Configuration_and_Guest_Installation_Guide/#App_Bridge_Device
[18:44] <aarcane> TJ-, that's a similar error, but I've found that possible resolution before, and it's not a fruitful path to pursue.
[19:02] <TJ-> aarcane: Permissions of the user are sufficient? "No such process" error can show when elevated permissions aren't available
[19:23] <boldfield> I'm having some issues with dhcpd I was hoping someone could help me with.  I've got a host defined in dhcpd.conf setting a fixed-address, but the client is never assigned the correct IP.  I've triple checked the MAC address and tried clearing the client's leases and removing the relevant entries in server's leases
[19:23] <boldfield> anyone have any ideas of other things I might try to troubleshoot
[19:24] <bekks> The client still has a lease file.
[19:28] <boldfield> I've tried killing the client and clearing the lease files
[19:29] <boldfield> the host just gets a lease on another dynamically assigned IP, not the static one the server is configured to give
[19:29] <boldfield> or... supposedly configured to give, though I can't spot the error in the config, and I've spent a while looking
[19:41] <TJ-> boldfield: maybe you should pastebin the config?
[19:44] <boldfield> TJ-: I've got to check that it's kosher that I do, if so I will
[19:51] <aarcane> TJ-, sudo.
[21:09] <markthomas> boldfield: I assume you checked the obvious, such as restarting dhcpd, making sure there were no other DHCP servers on the subnet, etc.
[21:10] <boldfield> markthomas: you are correct
[21:11] <markthomas> boldfield: Just checking.  Then it's time to look at the config.
[23:27] <sheptard> initramfs seems to be trying to make drivers for a kernel I removed using apt
[23:27] <sheptard> any suggestions?
[23:40] <JanC> sheptard: initramfs doesn't "make" drivers