what caued 'cannot find /usr/lib/ld.so.1' error?

yuzh
 
Thank you very much for you reply.
I am not sure whether I have trunking 1.3 utility, acturally I don't know what is it for.

I will follow your suggestion to see how it is going.

It is ok to re-install the system, but I really want to know how I could avoid this kind of attack as much as possiable.
I was afraid the server would be hacked, so the day before it could not startup, I did shutdown the server.
But the next day, ...
Is it possiable that the server is hacked and still running well before rebooting?

Could you teach me more on how to protect the server from hacking...

thank you again.

listening ..

Hi,

Assuming that this is not a security breach, it could be a problem with the filesystem.

When the server rebooted, did it prompt you to manually fsck any filesystems?

Is /usr a separate partition?

I see you can login to the box so do this please:

/sbin/sh

echo /*
echo /usr/*
echo /usr/lib/*

If the /usr/lib/ld.so.1 file is indeed missing or corrupt you can use the copy which is /etc/lib/ld.so.1

Another critical file is /usr/lib/libc.so.1

You will probably need to boot from another device to resolve this problem.  Can you boot from CD if necessary?

Regards, Nisus
http://www.omnimodo.com

Dear yuzh

I made a new installation on a new disk.
1. I have installed the latest patch.
2. I am not sure what service is not need, so i did not change anything in inetd.conf.
I know definatly we need telnet and FTP..
I disabled the unwanted service as you suggested at startup
/etc/init.d/inetsvc has a line
/usr/sbin/inetd -s &
i did not change it...

BTW : how can I change the umask of root , what does 027 for? Is it nessary to do that, I saw some article mentioned that.

I will try to add more security tools later.

Regarding the bad disk.
I tried to boot from cdrom, single user mode, mount the disk after that as /a
and copied /etc/lib/ld.so.1 to /a/usr/lib/
but during start up it still says can not find ld.so.1.

I also tried to fsck.
all slice are successfully done except s1
#fsck -F ufs /dev/dsk/c1t0d0s1
it says BAD SUPER BLOCK: MAGIC NUMBER WRONG

I did
# newfs -N /dev/rdsk/c1t0d0s1
had got many super-block backups at 32, 92592, 277712,../8138144 etc.
then
# fsck -F  ufs -o b=32 /dev/dsk/c1t0d0s1
it still show the same magic number wrong error.

Any Good suggesions?

> .. umask .. what does 027 for?
enshures that all files and dirs created by root have no world permission and only read/write for group

> it still show the same magic number wrong error
sounds like your disk has bad blocks.
Either format the disk low-level, or exclude the reported blocks by newfs

ahoffmann,

>enshures that all files and dirs created by root have no world permission and only read/write for group
how to set the umask to 027?


>sounds like your disk has bad blocks.
>Either format the disk low-level, or exclude the reported blocks by newfs
with bad blocks, is it possiable to have it repaired and have all the data suvived?

If not, I will reinstall solaris, SHOULD me repair the block before installation?

thank you !

--- "how to set the umask to 027?"

put:
umask  027

in root's .profile

-- "with bad blocks, is it possiable to have it repaired and have all the data suvived?"

You can try to use "format" command to repair the HD. try to copy the data to tape or
another filesystem.

"I know definatly we need telnet and FTP.."
    FTP and TELNET - plain text password! use ssh and sftp instead of telnet and ftp .
    In case you still have good reason to keep them,  install  tcp_wrappers and then
    configure only the trust user from trust can telnet/ftp to your system.
   
   DO NOT allow root ftp, create a  /etc/ftpusers file, and put the followings in the file:
root
daemon
bin
sys
adm
lp
uucp
nuucp
listen
nobody
noaccess
nobody4

    then
 chmod 600 /etc/ftpusers  

   Please read my comment (including the links):
   http://www.experts-exchange.com/Operating_Systems/Solaris/Q_20910530.html#10546807

   Good luck!

yuzh

Last question,
I am going to cpy everything from a good disk to the bad one.

Should I  repaire the bad one before copying?

How to copy between 2 HD?

How can I know which one is the good one.

IF I copy from bad to good one, that is too bad!!

> Should I  repaire the bad one before copying?
no.

> How to copy between 2 HD?
2 possibilities:
  1. cd /disk2/dir; (cd /root-of-disk1 && tar cf - * .[^.]*)|tar xf -
  2. cd / && dd if=`df -k . | awk '{print $1}'` of=/disk2/disk1.dd.dump bs=1024 count=`df -k . | awk '{print $2}'`
while tar may fail with the bad blocks, dd copies everything including the bad blocks (if possible)

> reinstall solaris, SHOULD me repair the block before installation?
no.
You need to lowlevel format first, then use newfs on that partition excluding the bad blocks.

IMHO, a disk with bad blocks is subject for the trash-can

BAD news

I tried DD to copy everything from another disk

# dd if=/dev/dsk/c1t0d0s2 of=/dev/c1t1d0s2 bs=1024b
dd: unexpected short write, wrote 147456 bytes, expected 524288
7829+0 records in
7829+0 records out
# Mar 11 16:14:21 m001 ufs: NOTICE: alloc: /: file system full

i boot with that disk, failed.

I gave up and begain installation from DVD.

But I was not asked to divid the patition, and it finished.

What should I do with the patition?
This is the first time i use GUI to do the installation, the COM1 doesn't work.

SAD:(

Looks like you got the dd command wrong.  You wrote to /dev instead of /dev/dsk.  You could possibly remove /dev/c1t1d0s2  and try again.  The geometry of the disks should be identical for this procedure.

I would have done this (using the raw device):

dd if=/dev/rdsk/c1t0d0s2 of=/dev/rdsk/c1t1d0s2 bs=4096

Regards, Nisus.

you need to get rid of the /dev/c1t1d0s2 file (output from you dd command!)

If the Harddisk are not identical, don't use "dd", you can find a lot of infor about how to clone
a disk in this TA, just do a  search.