[Systems] Sunjammer "test" user

Samuel Cantero scanterog at gmail.com
Mon Apr 4 15:14:26 EDT 2016


Can't check it now, but maybe the ldap db is corrupted and the service
stopped working. We do have a backup anyway. When I get time again I will
dig into it.

I'm scared anyway because apparently someone tampered with our wtmp and btmp.

On Mon, Apr 4, 2016 at 2:22 PM, Sebastian Silva <sebastian at fuentelibre.org>
wrote:

> Thank you! I'm in.
>
>
> On 04/04/16 13:25, Samuel Cantero wrote:
>
> Please, try again.
>
> On Mon, Apr 4, 2016 at 2:18 PM, Sebastian Silva <sebastian at fuentelibre.org> wrote:
>
>> Hi,
>>
>> I was trying to log into sunjammer to help out samson with an email alias
>> and failed to log in.
>>
>> $ ssh sunjammer.sugarlabs.org
>> Warning: Permanently added the RSA host key for IP address
>> '208.118.235.53' to the list of known hosts.
>> Permission denied (publickey).
>>
>> Is this because of the LDAP database problem? I think you mentioned I
>> needed a real user in sunjammer.
>> I'd like to help if you can help me access sunjammer again.
>>
>> Thanks in advance,
>> Sebastian
>>
>>
>> On 04/04/16 10:31, Samuel Cantero wrote:
>>
>> I've applied a db_recovery:
>>
>> sunjammer:~# db_recover -v -h /var/lib/ldap
>> BDB2526 Finding last valid log LSN: file: 1 offset 53062
>> BDB1518 Recovery complete at Mon Apr  4 11:29:25 2016
>> BDB1519 Maximum transaction ID 0 recovery checkpoint [1][53006]
>>
>> As you can see, the recovery has completed but I still can't remove the
>> test user.
>>
>>
>> On Mon, Apr 4, 2016 at 11:22 AM, Samuel Cantero <scanterog at gmail.com> wrote:
>>
>>> I can't figure out what is going on with our LDAP database. I can't
>>> delete the "test" user. I tried it with:
>>>
>>> ldapdelete -x "uid=test,ou=People,dc=sugarlabs,dc=org"
>>>
>>> and also with ldapvi. None of them worked.
>>>
>>> If I start it in debug mode I can't find anything broken.
>>>
>>> /usr/sbin/slapd -u openldap -h ldapi:/// -d 256
>>>
>>> But if I try to re-index the db I get this:
>>>
>>> sunjammer:~# slapindex
>>>
>>>  BDB0061 PANIC: BDB0087 DB_RUNRECOVERY: Fatal error, run database
>>> recovery
>>> 57028248 bdb(dc=sugarlabs,dc=org): BDB0060 PANIC: fatal region error
>>> detected; run recovery
>>> 57028248 bdb_db_close: database "dc=sugarlabs,dc=org": txn_checkpoint
>>> failed: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery (-30973)
>>>
>>> I'll keep you updated.
>>>
>>> On Mon, Apr 4, 2016 at 10:26 AM, Bernie Innocenti <bernie at codewiz.org> wrote:
>>>
>>>> On 04/04/16 09:40, Samuel Cantero wrote:
>>>> > # test, People, sugarlabs.org
>>>> > dn: uid=test,ou=People,dc=sugarlabs,dc=org
>>>> > uid: test
>>>> > cn: Test
>>>> > sn: Test
>>>> > objectClass: person
>>>> > objectClass: organizationalPerson
>>>> > objectClass: inetOrgPerson
>>>> > *mail: als-at at yandex.ru*
>>>> > displayName: Test
>>>>
>>>> No shell? Odd. And no entry in the lastlog either.
>>>>
>>>> From the record ID in ldap, it looks like the user has been there for a
>>>> long time.
>>>>
>>>> Moreover, the wtmp and btmp files show signs of having been tampered
>>>> with (note the dates):
>>>>
>>>> sunjammer:/var/log# ll wtmp*
>>>> -rw-rw-r-- 1 root utmp 375K Apr 4 10:19 wtmp
>>>> -rw-rw-r-- 1 root root 617K Jun 1 2015 wtmp-20141201
>>>> -rw-rw-r-- 1 root root 1023K Jun 1 2015 wtmp-20150601
>>>> -rw-rw-r-- 1 root utmp 29K Dec 31 19:07 wtmp-20160101.xz
>>>> sunjammer:/var/log# ll btmp*
>>>> -rw-rw---- 1 root utmp 7.2M Apr  4 08:29 btmp
>>>> -rw-rw---- 1 root utmp   32 Sep  1  2014 btmp-20141001.xz
>>>> -rw-rw---- 1 root utmp   32 Oct  1  2014 btmp-20141101.xz
>>>> -rw-rw---- 1 root utmp   32 Nov  1  2014 btmp-20141201.xz
>>>> -rw-rw---- 1 root utmp   32 Dec  1  2014 btmp-20150101.xz
>>>> -rw-rw---- 1 root utmp   32 Jan  1  2015 btmp-20150201.xz
>>>> -rw-rw---- 1 root utmp   32 Feb  1  2015 btmp-20150301.xz
>>>> -rw-rw---- 1 root utmp   32 Mar  1  2015 btmp-20150401.xz
>>>> -rw-rw---- 1 root utmp   32 Apr  1  2015 btmp-20150501.xz
>>>> -rw-rw---- 1 root utmp   32 May  1  2015 btmp-20150601.xz
>>>> -rw-rw---- 1 root utmp   32 Jun  1  2015 btmp-20160101.xz
>>>>
>>>>
>>>> --
>>>>  _ // Bernie Innocenti
>>>>  \X/  http://codewiz.org
>>>>
>>>
>>>
>>
>>
>
>
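The date comparison pointed out in the quoted wtmp/btmp listing can be scripted so that every rotated file is checked the same way. The Python below is an added example, not part of the original thread: it compares each archive's mtime with the rotation date in its file name and notes archives that hold no records. The names `parse`, `audit`, `XZ_EMPTY` and `slack` are hypothetical, the sample is a subset of the lines quoted above, and the reference date is taken from the message date; a finding is a prompt for review, not proof of tampering.

```python
import re
from datetime import date, datetime, timedelta

XZ_EMPTY = 32  # size in bytes of an .xz stream that holds no data

# Subset of the rotated-file listing quoted in the thread above.
SAMPLE = """\
-rw-rw-r-- 1 root root 617K Jun 1 2015 wtmp-20141201
-rw-rw-r-- 1 root root 1023K Jun 1 2015 wtmp-20150601
-rw-rw-r-- 1 root utmp 29K Dec 31 19:07 wtmp-20160101.xz
-rw-rw---- 1 root utmp   32 May  1  2015 btmp-20150601.xz
-rw-rw---- 1 root utmp   32 Jun  1  2015 btmp-20160101.xz
"""

def parse(line, today):
    """Return (family, rotation date, mtime, size string) for one ls -l line."""
    f = line.split()
    size, mon, day, year_or_time, name = f[4], f[5], f[6], f[7], f[8]
    m = re.fullmatch(r"(\w+)-(\d{8})(\.xz)?", name)
    rotated = datetime.strptime(m.group(2), "%Y%m%d").date()
    if ":" in year_or_time:  # ls prints a time instead of the year for recent files
        mtime = datetime.strptime(f"{mon} {day} {today.year}", "%b %d %Y").date()
        if mtime > today:    # a date in the future must belong to last year
            mtime = mtime.replace(year=today.year - 1)
    else:
        mtime = datetime.strptime(f"{mon} {day} {year_or_time}", "%b %d %Y").date()
    return m.group(1), rotated, mtime, size

def audit(listing, today, slack=timedelta(days=1)):
    """Flag archives whose mtime or size disagrees with their rotation suffix."""
    findings, prev = [], {}
    rows = sorted(parse(l, today) for l in listing.splitlines() if l.strip())
    for family, rotated, mtime, size in rows:
        name = f"{family}-{rotated:%Y%m%d}"
        if mtime > rotated + slack:
            # A rotated file should not be written once its successor exists.
            findings.append((name, "modified after rotation"))
        elif family in prev and mtime < prev[family] - slack:
            findings.append((name, "last write predates previous rotation"))
        if size == str(XZ_EMPTY):
            findings.append((name, "empty archive"))
        prev[family] = rotated  # lower bound of the next file's write window
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE, date(2016, 4, 4)):
        print(f"{name}: {reason}")
```

On a live host the same check is better fed from `os.stat()` than from `ls` text, and archived copies of the listing taken over time make later changes visible.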