Solved

Urgent: No space left on Disk -- VIRUS?  ( Linux )

Posted on 2004-09-21
3
161 Views
Last Modified: 2010-04-11
All of a sudden, my hard drives on linux got full.. There are two HDs mounted... one got full ... i thought i just need to delete some files... but now the second one shows 100% too ..

I rebooted the computer and now its not booting up...  HELP NEEDED!

0
Comment
Question by:jibranilyas
  • 2
3 Comments
 
LVL 24

Accepted Solution

by:
SunBow earned 500 total points
ID: 12114267
Use boot diskette or CD.

If you were not adding stuff, you probably have no virus but opened up vulnerability to allow people to internet their files for you for free anonymous storage.  Generally, remove TCP for that, and until you secure better, remove all networking.

For future, with linux or anything, reserve one disk for only the system files and use.  Set up other disk with the applications and all temporary files, such as eMail and logs.

A recent thread complained about Oracle.  Our answer is, that you, the Admin, must exercise control over the applications logs of anything, how many things are tracked, and how big a file can be - files which you should ensure never go to boot drive.  I suppose if you tried on your own to run some malware sniffer to record everythin possible, one could learn that one cannot store everything possible.

Last ditch effort, build a separate drive for booting, then attach these to get any files needed, and clean them up while doing a post-mortem analysis of what broke it. You cannot add space to a full disk.  Booting requires access to at least a little bit of temporary space. With a diskette, you might get up long enough to at least delete a few unnecessary files.   Alternatively, boot to maintenance mode and run some cleansing jobs than my remove crosslinked sectors, locate lost sectors, and otherwise make some space available.  Rule applies to all OS.
0
 
LVL 5

Expert Comment

by:zerofield
ID: 12115482
use a recovery disk, a knoppix or kanotix disk, either one.  boot up.

once at a command window or command line, mount your partition (i really hope i dont need to show you this, but just in case..)

it'll resemble something along the lines of:

mount /dev/hda1 /mnt/hda1  (ide)    or   /dev/sda1 (scsi)  or   /dev/md1   (multi disk stuff)

get it mounted, then run this command (modified accordingly):

find /mnt/hda1 / -size=+1000

you may want to man find to check out how to modify that command.  essentially, you're looking for large files.  you could combine du and wc commands to try to find directories with hundreds of thousands of files, but searching for all files larger than say, 2-5 megs would probably show you something.

my guess would be to check in the /var some first, look for databases or logs of enormous sizes.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 12138499
thanx.
              (but don't neglect the other comment)
                                                                                      Good Fortune !
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question