redhat 7.0 boot hang issue

[gaf at blu.org (Jerry Feldman)]

It would be very difficult to determine the damage done by an intrusion. 
They could have placed a trojan horse or done other damage you may not be 
aware of.

However, to get your system up and running, 
1. Make sure you have a bootable diskette.
2. Boot an MS-DOS diskette. Run fdisk /mbr to clear the Master boot record.
3, Boot back into Linux using the boot disk you created or any Linux 
emergency boot disk. Run lilo to rebuild the MBR.
4. Make sure that /bin/sh is a symbolic link to /bin/bash.
5. Reboot. This MAY fix your boot problem. 
I would also check the date and permissions of some of the more critical 
utilities, such as bash.

If you have a backup BEFORE the intrusion, you might want to restore the 
more stable directories, lib\ke bin, /usr/bin, /lib, /usr/lib just to make 
sure that they are restored back to what they were.
Hugh Rutledge wrote:
> My company runs redhat 7.0 on its rackmount server for
> its web and email functions.  After an apparent
> intrusion,  the server will no longer do full reboot--
> it hangs after the "freeing 76k memory" point.  It
> will reboot under linux init=/bin/bash rw.  
> 
> You probably know that redhat doesn't support the
> product,  our inhouse people have not been able to
> locate the issue,  and solving the problem buy upgrade
> requires a minimum of anouth 120 hours of downtime.
> 
> Is there anyone who can help for love or money?
> 
> Hugh Rutledge
> International Press
> 617-623-2033
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
> 

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9