Hi!
My /var/log/messages files are being filled up with the following error...
Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden failed, reason given by server: Permission denied Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure server:/home/.hidden on /home/.hidden Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden
What is /home/.hidden? Why can't it be mounted? And, can I simply delete it?
Basically, what is this error from and how can I stop it from occurring?
Thanks in advance for any help.
Allison Maury wrote:
/messages files are being filled up with the following error...
Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden failed, reason given by server: Permission denied Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure server:/home/.hidden on /home/.hidden Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden
What is /home/.hidden? Why can't it be mounted? And, can I simply delete it? Basically, what is this error from and how can I stop it from occurring?
Thanks in advance for any help.
That looks REALLY REALLY REALLY BAD. YOUR machine is trying to mount a directory from another machine and is being refused. If YOU didn't set this up then someone else on your machine did. The name of the directory ".hidden" implies evil intent. See if you can find a check root kit package for Centos. Lock down your machine right away and start looking for modified RPMs.
I don't use automount, but it doesn't look like a normal user should be able to touch the control files involved. Examine /etc/auto.master, man autofs and man automount.
Ed Clarke wrote:
Allison Maury wrote:
/messages files are being filled up with the following error...
Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden failed, reason given by server: Permission denied Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure server:/home/.hidden on /home/.hidden Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden
What is /home/.hidden? Why can't it be mounted? And, can I simply delete it? Basically, what is this error from and how can I stop it from occurring?
Thanks in advance for any help.
That looks REALLY REALLY REALLY BAD. YOUR machine is trying to mount a directory from another machine and is being refused. If YOU didn't set this up then someone else on your machine did.
Yikes. So, I did set up the mounting of /home, which is located on an NFS server. But, I don't know what the .hidden directory is.
The name of the directory ".hidden" implies evil intent. See if you can find a check root kit package for Centos. Lock down your machine right away and start looking for modified RPMs.
I'll look into what you suggested. Thanks.
Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden failed, reason given by server: Permission denied Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure server:/home/.hidden on /home/.hidden Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden
What is /home/.hidden? Why can't it be mounted? And, can I simply delete it? Basically, what is this error from and how can I stop it from occurring?
Thanks in advance for any help.
The name of the directory ".hidden" implies evil intent. See if you can find a check root kit package for Centos. Lock down your machine right away and start looking for modified RPMs.
I used rkhunter to check for what evil might be going on. The only thing it listed were 2 vulnerable apps that seem to just be "Old or patched version" (OpenSSL 0.9.7a and PHP 4.3.9). This doesn't seem like the problem (am I wrong?).
I realize that this is a basic question, but I'm a bit of a newbie. How do I go about looking for modified RPMs?
Thanks!
-
Allison Maury -
Ed Clarke