ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Compaq 3000 (SmartArray 3200) installed with SME6 (RedHat 7.3 based) is just died!!!

Ergin Özdemir
Occasional Contributor

Compaq 3000 (SmartArray 3200) installed with SME6 (RedHat 7.3 based) is just died!!!

Hi everyone!

Strangest thing happened and I really hope I can salvage some data.

I've had my Compaq 3000 (SmartArray 3200 with RAID5) running over 3 years now and everything were running just fine. Lately I've had plans of upgrading everything to a ML530.

Anyway, last week it stopped responding, on console svc was complaining about not being able to write logs to a file.

I tried to stop it with CTL-C and CTL-Z and tried to login for 15-20 mins but messages kept coming. I tried Clt-Alt-Del to boot server that didn't work either.

I then hard booted server and got kernel panic.
Code:
Kernel panic no init found Try passing init=


I tried a few things to see if I have any files left
1- RedHat 7.3 Rescue mode - It says there are no Linux partitions so it quits. When I check
Code:
# fdisk /dev/ida/c0d0

I see 3 Linux partitions (boot, sap and root-partition)

Found some info about cpqarray in the page
http://www.isg.rhul.ac.uk/~nessim/technical/rh7.3_on_proliant_1500.html

2- I tried with Knoppix 3.3 and 4.02, I can mount boot-partition but there are almost no files in partition.

3- I started server with SmartStart 5.0 and it looks like both array-card and battery are OK.

Anyone has any sugestions? Appriciate any help.
_________________
Best rgds, Ergin
http://ergin.dyndns.org/download/
......
1 REPLY
Ergin Özdemir
Occasional Contributor

Re: Compaq 3000 (SmartArray 3200) installed with SME6 (RedHat 7.3 based) is just died!!!

UPDATE: I found these in my firewall logs, looks like the server was hacked. Anyone has a clue?


192.168.XXX.YYY - - [20/Apr/2006:17:57:53 +0200] "GET http://81.58.26.26/libsh/ping.txt HTTP/1.1" 200 358
192.168.XXX.YYY - - [20/Apr/2006:17:57:56 +0200] "GET http://81.58.26.26/libsh/ping HTTP/1.1" 200 15808
192.168.XXX.YYY - - [20/Apr/2006:17:57:56 +0200] "GET http://81.58.26.26/libsh/ping HTTP/1.1" 304 16087
192.168.XXX.YYY - - [20/Apr/2006:17:57:57 +0200] "GET http://81.58.26.26/libsh/ping.txt HTTP/1.1" 304 633

192.168.XXX.YYY - - [20/Apr/2006:18:15:59 +0200] "GET http://linuxb0x.netfirms.com/loginx.tar.gz HTTP/1.1" 200 195822

[20/Apr/2006 18:15:59] VIRUS charset="en" file="http://linuxb0x.netfirms.com/loginx.tar.gz" hostip="192.168.XXX.YYY" hostname="ergin.dyndns.org" protocol="HTTP" time="Thu Apr 20 18:15:59 2006" username="-" virus="McAfee verdict: Linux/Exploit-LDT"
[20/Apr/2006 18:15:59] Virus: McAfee verdict: Linux/Exploit-LDT, client - 192.168.XXX.YYY, http://linuxb0x.netfirms.com/loginx.tar.gz
[20/Apr/2006 18:15:59] Virus: Suspicious file http://linuxb0x.netfirms.com/loginx.tar.gz stored into quarantine as c:\program\kerio\winroute firewall\quarantine\http_060420_181559-53621.tmp

192.168.XXX.YYY - - [20/Apr/2006:18:16:01 +0200] "GET http://linuxb0x.netfirms.com/loginx.tar.gz HTTP/1.1" 206 986