On Tue, 23 Feb 2016 14:04:52 -0700 Glenn English <g...@srv.slsware.net> wrote:
>
> > On Feb 23, 2016, at 8:56 AM, Reco <recovery...@gmail.com> wrote:
> >
> > First things first, unless someone deliberately customized
> > it, /etc/rc.local should contain exactly one meaningful line - 'exit
> > 0'.
>
> It does. See below.
>
> > Your result shows an entirely different thing though.
>
> Well, I just asked egrep to look for the string 'rc.local' anywhere in a
> filename in /etc. And it found what look to me like a couple hidden mozilla
> files. In the list of names, not in the execution of the files.

'-r' flag forced grep to do a different thing - take the contents of /etc,
discard it, and *then* search your current working dir (which happened
to be /root) recursively (and case-insensitive) for 'rc.local'.

Any other way you'd see /etc/rc.local in the result of grep.

> > A simple 'cat /etc/rc.local' would be even better.
>
> root@log:~# cat /etc/rc.local
> #!/bin/sh -e
> #
> # rc.local
> #
> # This script is executed at the end of each multiuser runlevel.
> # Make sure that the script will "exit 0" on success or any other
> # value on error.
> #
> # In order to enable or disable this script just change the execution
> # bits.
> #
> # By default this script does nothing.
>
> exit 0

Nothing unusual, but:

> > But, that's assuming
> > that you can trust your current kernel and userland (see above).
>
> Are you saying it would be worthwhile to compare my kernel modules to those
> in a live CD? Or is that considered overkill and probably not necessary?

Why, it's worth a shot. But doing it by hand would be counter-productive.
They have invented 'debsums' for cases like this, after all.

A small howto follows:

1) Boot from LiveCD.

2) Mount host's root and /var (if it's a different filesystem)
somewhere. Something like this:

mount -o ro,noexec /dev/sda1 /mnt
mount -o ro,noexec /dev/sda2 /mnt/var

3) Run LiveCD's debsums like this:

debsums -r /mnt -d /mnt/var/lib/dpkg -c

It's important that you should run LiveCD's debsums, not the host's one.

4) Check for any kernel module out of place like this:

find /mnt/lib/modules -type f | xargs dpkg --root=/mnt -S

5) And, while you're at it, check for real contents of /etc/rc.local,
and for /etc/ld.so.preload.

Reco
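
Added example, not part of Reco's message: a variant of the step 4 check that compares the module files under the mounted root against the package file lists in /mnt/var/lib/dpkg/info as plain text, so nothing from the suspect host is executed. The function names and the sample tree are constructed for illustration, and it assumes module paths are recorded as /lib/modules/... in the *.list files.

```shell
#!/bin/sh
# Added example: report kernel modules under an offline-mounted root that no
# package file list claims. Only LiveCD tools (find, sort, comm) are run; the
# mounted dpkg database is read as text.
# Assumption: *.list files record modules as /lib/modules/... (host-relative).

# unowned_modules ROOT -> prints host-relative paths of unclaimed *.ko* files.
# Exits 2 if ROOT has no lib/modules or no dpkg info directory.
unowned_modules() (
    root=${1%/}
    info=$root/var/lib/dpkg/info
    [ -d "$root/lib/modules" ] && [ -d "$info" ] || exit 2
    owned=$(mktemp) || exit 2
    # Every path any installed package claims, one per line, sorted for comm.
    cat "$info"/*.list 2>/dev/null | LC_ALL=C sort -u > "$owned"
    # Module files actually on disk, with the mount prefix stripped so they
    # are comparable to the recorded paths; comm -23 keeps the on-disk-only ones.
    find "$root/lib/modules" -type f -name '*.ko*' |
        while IFS= read -r f; do printf '%s\n' "${f#"$root"}"; done |
        LC_ALL=C sort -u | LC_ALL=C comm -23 - "$owned"
    rm -f "$owned"
)

# make_sample_root -> builds a constructed tree (one packaged module, one
# stray module) in a temp dir and prints its path. Sample data, not real.
make_sample_root() (
    r=$(mktemp -d) || exit 2
    k=lib/modules/0.0.0-sample/kernel/drivers
    mkdir -p "$r/$k" "$r/var/lib/dpkg/info"
    : > "$r/$k/good.ko"
    : > "$r/$k/stray.ko"
    printf '%s\n' "/$k" "/$k/good.ko" \
        > "$r/var/lib/dpkg/info/linux-image-sample.list"
    printf '%s\n' "$r"
)

# Usage from the LiveCD: sh this-script /mnt
if [ "$#" -gt 0 ]; then
    unowned_modules "$1"
fi
```

Any path it prints is a module file on disk that no installed package lists, which is the "out of place" case step 4 is looking for; step 3's debsums run covers packaged files whose contents changed.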