Scyld 27bz-8 problem (symptom: netstat)
bdorland at kendall.umd.edu
Thu Nov 15 07:48:08 PST 2001
I recently purchased the $2.95 copy (version 27bz-8) of Scyld and have
experienced some difficulties with the installation. Before putting
together a long post, I'd like to know if anyone else has successfully
performed a diskless installation of
"Label Side Up"
Copyright 2001 Scyld Computing Corp.
If so, I am curious whether anyone else has experienced an incorrect
response from the command 'netstat -avupt' when executed as root. I
find that the system does not believe root is root.
I have not connected my cluster to the internet, and I installed to a
new, blank hard drive. No other software has been introduced.
In a completely unrelated incident, another system that I work on was
compromised some time back by a rootkit which exploited a
vulnerability in SSH, and interestingly, one of the early symptoms of
trouble on that system was this same thing: root execution of 'netstat
-avupt' complained that root was not root.
The version of SSH that is shipped with 27bz-8 is in fact vulnerable
to the attack that I experienced on this unrelated system.
I am therefore concerned that something that is admittedly quite
unlikely might have happened, i.e., that the 27bz-8 distribution was
shipped despite having been compromised in some way. I would be very
happy to hear from anyone that can assure me that this is not the case
by providing some explanation for the odd netstat behavior.
In the meantime, I have spent several days tracking down this problem
and will continue to do so. Since the openssh rpm's shipped with
Scyld are modified to be compatible with LFS (not to mention the
kernel and so on), I cannot trivially recover from this problem, if it
is indeed a problem. Also, I cannot find any patches or updates to
the 27bz-8 release on line.
This is my first post to a public list-server. I apologize in advance
for any breach of netiquette.
More information about the Beowulf