Weird /tmp problem
Gavin Nelmes-Crocker
gavin at netergy.com
Wed Dec 6 15:56:21 GMT 2006
> On 06/12/06, Ken A <ka at pacific.net> wrote:
>> You are running ls and df as root, right? Are you running any IDS? It's
>> good to rule out the worst case scenarios first, even if that might seem
>> paranoid. /tmp is an obvious target. ls output shouldn't conflict with
>> df output. check ls -la carefully for anything funny looking (a dir
>> beginning with a space, etc).
Correct i am logged in as root when doing all tests/checks. We're not
running any IDS on the server but have run chkrootkit and can see
nothing bad
> Good sugegstions... Also... When you stop MailScanner, is the "lost
> space" suddenly available again?
Yes - stop mailscanner and /tmp goes back to normal
The difficulty is that i can only run tests that involve turning
Mailscanner back on late at night and for short periods of time due to
the email breaking.
Here are the outputs I'm seeing now with everything working and looking
normal.
df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/md1 6190592 1378676 4497452 24% /
/dev/md0 101018 38557 57245 41% /boot
none 1037728 0 1037728 0% /dev/shm
/dev/md4 64428444 9027064 52128548 15% /home
/dev/md2 1035596 34140 948848 4% /tmp
/dev/md3 4127040 1705624 2211772 44% /var
# cd /tmp/
# ls -al
total 48
drwxrwxrwt 6 root root 4096 Dec 6 15:48 .
drwxr-xr-x 24 root root 4096 Dec 4 13:51 ..
-rw------- 1 root root 50 Dec 5 23:45 ClamAVBusy.lock
drwxrwxrwt 2 root root 4096 Dec 4 13:51 .ICE-unix
drwx------ 2 root root 4096 Apr 3 2006 lost+found
-rw-rw---- 1 mail daemon 248 Dec 4 14:41 majordomo.debug
drwxr-xr-x 2 root root 4096 Dec 4 13:45 paletteStatus
-rw-rw---- 1 mail daemon 6844 Dec 6 15:43 resend.debug
drwx------ 2 root root 4096 Dec 6 15:48 ssh-uJlNFn3025
-r--r--r-- 1 root root 24 Oct 23 20:42 yum.check-update
I'll do the same later tonight with Mailscanner turned on - any other
ideas to try in preparation for testing?
Thanks
Regards
Gavin
More information about the MailScanner
mailing list