[TCLUG] system dying... wont boot past usb filesystem

Fri Aug 15 19:18:20 CDT 2003

On Fri, Aug 15, 2003 at 04:53:26PM -0500, Duncan Shannon wrote:
>Hey gang-
>
>Ive got my gateway at work, which is a beater 233mhz box running rh 7.x
>
>i think its dying... or at a min. something is wrong.
>
>I logged in the other day on the console, and hit a `w` and it was 
>pretty slow... i logged in on another virt. console and it ran `top` 
>and it never quite loaded up all the way... i left it alone.
>
>Yesterday, i tried to ssh to it, i got an `error 11` and couldnt 
>connect.
>
>So i went up to look at it today, and there was what looked like a 
>kernel panic... it was something bad. couldn't do anything from ctrl c 
>to switch virtual consoles to reseting the terminal.
>
>I finally had to reboot it... when it booted up, it never got past 
>`mounting USB filesystem`
>
>I have no USB devices (that are plugged in externally, its from 1997 or 
>so, so i dont think there is much chance for internal usb devices like 
>a floppy)
>
>If i booted into single user mode, i could ctrl-c when it was trying to 
>load the usb file system... then it dropped me into a run level 1 sh# 
>prompt as root. The file system was read only, i couldn't make any 
>changes to modules.conf (to take out anything usb) or do much at all. I 
>tried to `init 3` or start other services by hand... no go.
>
>in the end, i dropped in a replacement box... id like to rescue the 
>other box somehow, is it as all my monitoring software setup and just 
>some other things setup (bind for internal use with an internal zone et 
>al)
>
>Anyone have any suggestions on how to try and bring that box backup 
>online? I was thinking of removing all non-essential drives and 
>peripherals.
I would certainly in the very least boot the machine into single user
mode and run chkrootkit or the like on it, and inspect it for obvious
signs of intrusion.  You may also want to make sure you don't have some
scripts starting at boot, or modules lodaing that you don't need to have
(especially usb stuff).

You can also boot the machine using a rescue disk such as knoppix and
investigate the problem.  Another advantage of booting from a rescue
disk is you get to test the hardware to see if you can recreate the
kernel paniks from a completely different environment.

-- 
Linux Administrator || Technology Specialist || Wifi Engineer
http://autonomous.tv/~spencer/resume/ || spencer at autonomous.tv
Key fingerprint = 173B 8760 E59F DBF8 6FD2  68F8 ABA2 AB08 49C7 4754
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030815/5a8b5c66/attachment.pgp