On Friday 01 Jul 2011, asterisk asterisk wrote:> I have this error after upgrading to 1.8.4.4 on my centos 5.6 32it
>
> When using GUI to access, I got this error
>
> *** glibc detected *** /usr/sbin/asterisk: double free or corruption
> (!prev): 0x0919c070 ***
>
> The server cannot be connected via GUI and the asterisk CLI dropped and
> exit into linux command line.
Ooo-er. Last time I got an error like this, it turned out that the box had
been compromised with a rootkit.
Luckily, most rootkits give themselves away in trying to make themselves hard
to detect / remove: first they replace some system utilities (which, on
Debian, also breaks colour directory listings) with specially munged ones
(for instance, an ls command that will deliberately not show any of the
rootkit's own extra files; a ps that will not show the extra processes; a
netstat that will not show the rootkit's network connections; and so forth)
and then they set the extended attributes on the new files to prevent them
from being overwritten. So checking extended attributes can give you a clue
that all is not well.
Try
# lsattr /bin
# lsattr /usr/bin
# lsattr /sbin
# lsattr /usr/sbin
All files should have a row of - signs in the left hand column. Any
"a"
or "i" in a file's attributes indicates that the file has had its
extended
attributes modified, and you should be suspicious.
Note: ignore any errors such as "lsattr: Operation not supported While
reading flags on /bin/nc" (this just means the file is a symbolic link,
and
these don't have extended attributes).
--
AJS
Answers come *after* questions.