Solved

Urgent: No space left on Disk -- VIRUS?  ( Linux )

Posted on 2004-09-21
Last Modified: 2010-04-11
All of a sudden, my hard drives on Linux got full. There are two HDs mounted... one got full... I thought I just needed to delete some files... but now the second one shows 100% too.

I rebooted the computer and now it's not booting up...  HELP NEEDED!

Question by:jibranilyas
LVL 24

Accepted Solution

by:
SunBow earned 500 total points
ID: 12114267
Use boot diskette or CD.

If you were not adding stuff, you probably have no virus but opened up vulnerability to allow people to internet their files for you for free anonymous storage.  Generally, remove TCP for that, and until you secure better, remove all networking.

For future, with linux or anything, reserve one disk for only the system files and use.  Set up other disk with the applications and all temporary files, such as eMail and logs.

A recent thread complained about Oracle.  Our answer is, that you, the Admin, must exercise control over the applications logs of anything, how many things are tracked, and how big a file can be - files which you should ensure never go to boot drive.  I suppose if you tried on your own to run some malware sniffer to record everything possible, one could learn that one cannot store everything possible.

Last ditch effort, build a separate drive for booting, then attach these to get any files needed, and clean them up while doing a post-mortem analysis of what broke it. You cannot add space to a full disk.  Booting requires access to at least a little bit of temporary space. With a diskette, you might get up long enough to at least delete a few unnecessary files.   Alternatively, boot to maintenance mode and run some cleansing jobs that may remove crosslinked sectors, locate lost sectors, and otherwise make some space available.  Rule applies to all OS.
LVL 5

Expert Comment

by:zerofield
ID: 12115482
use a recovery disk, a knoppix or kanotix disk, either one.  boot up.

once at a command window or command line, mount your partition (I really hope I don't need to show you this, but just in case..)

it'll resemble something along the lines of:

mount /dev/hda1 /mnt/hda1  (ide)    or   /dev/sda1 (scsi)  or   /dev/md1   (multi disk stuff)

get it mounted, then run this command (modified accordingly):

find /mnt/hda1/ -size +1000    # files larger than 1000 512-byte blocks (about 500 KB)

you may want to man find to check out how to modify that command.  essentially, you're looking for large files.  you could combine du and wc commands to try to find directories with hundreds of thousands of files, but searching for all files larger than say, 2-5 megs would probably show you something.

my guess would be to check in the /var some first, look for databases or logs of enormous sizes.
0
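The search described in the comment above (large files first, then directories holding huge numbers of files), as an added example that is not part of the original thread. The function names, the script name triage.sh and the 2048 KB default are illustrative assumptions, and it assumes the rescue CD's find accepts -xdev and the k size suffix.

```shell
#!/bin/sh
# Added example: disk-usage triage of a filesystem mounted from a rescue CD.
# Assumes find accepts -xdev and the "k" size suffix (GNU and BusyBox find do).

# largest_files ROOT MIN_KB [COUNT] [DAYS]
# Prints "size_kb<TAB>path", biggest first, for regular files over MIN_KB.
# With DAYS set, only files modified in the last DAYS days are listed, which
# separates what filled the disk recently from files that were always large.
largest_files() {
    root=$1; min_kb=$2; count=${3:-20}; days=${4:-}
    # -xdev keeps the walk on the one filesystem under examination
    set -- "$root" -xdev -type f -size +"${min_kb}"k
    if [ -n "$days" ]; then
        set -- "$@" -mtime -"$days"
    fi
    find "$@" -exec du -k {} + 2>/dev/null | sort -rn | head -n "$count"
}

# crowded_dirs ROOT [COUNT]
# Prints "file_count directory" for the directories holding the most regular
# files: the du/wc idea from the post, for disks filled by many small files.
# File names containing newlines are miscounted.
crowded_dirs() {
    root=$1; count=${2:-10}
    find "$root" -xdev -type f 2>/dev/null |
        sed 's|/[^/]*$||' | sort | uniq -c | sort -rn | head -n "$count"
}

# Usage: sh triage.sh /mnt/hda1 [MIN_KB]   (2048 KB = the 2 MB floor from the post)
if [ "$#" -ge 1 ]; then
    echo "== Largest files under $1 =="
    largest_files "$1" "${2:-2048}"
    echo "== Largest files changed in the last 7 days =="
    largest_files "$1" "${2:-2048}" 20 7
    echo "== Directories holding the most files =="
    crowded_dirs "$1"
fi
```

The 7-day listing depends on the rescue system's clock being correct, since -mtime is measured from the current time.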
 
LVL 24

Expert Comment

by:SunBow
ID: 12138499
thanx.
(but don't neglect the other comment)
Good Fortune !