FAQ
Hi!

My /var/log/messages files are being filled up with the following error...

Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden
failed, reason given by server: Permission denied
Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure
server:/home/.hidden on /home/.hidden
Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden

What is /home/.hidden? Why can't it be mounted? And, can I simply
delete it?

Basically, what is this error from and how can I stop it from occurring?

Thanks in advance for any help.

Search Discussions

  • Ed Clarke at Sep 15, 2005 at 12:14 pm

    Allison Maury wrote:

    /messages files are being filled up with the following error...

    Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden
    failed, reason given by server: Permission denied
    Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure
    server:/home/.hidden on /home/.hidden
    Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden

    What is /home/.hidden? Why can't it be mounted? And, can I simply
    delete it?
    Basically, what is this error from and how can I stop it from occurring?

    Thanks in advance for any help.
    That looks REALLY REALLY REALLY BAD. YOUR machine is trying to mount a
    directory from
    another machine and is being refused. If YOU didn't set this up then
    someone else on your machine did.
    The name of the directory ".hidden" implies evil intent. See if you can
    find a check root kit package for
    Centos. Lock down your machine right away and start looking for
    modified RPMs.

    I don't use automount, but it doesn't look like a normal user should be
    able to touch the control files involved.
    Examine /etc/auto.master, man autofs and man automount.
  • Allison Maury at Sep 15, 2005 at 1:15 pm

    Ed Clarke wrote:

    Allison Maury wrote:
    /messages files are being filled up with the following error...

    Sep 15 10:39:53 comp automount[15138]: >> mount: server:/home/.hidden
    failed, reason given by server: Permission denied
    Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount failure
    server:/home/.hidden on /home/.hidden
    Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden

    What is /home/.hidden? Why can't it be mounted? And, can I simply
    delete it?
    Basically, what is this error from and how can I stop it from occurring?

    Thanks in advance for any help.

    That looks REALLY REALLY REALLY BAD. YOUR machine is trying to mount
    a directory from
    another machine and is being refused. If YOU didn't set this up then
    someone else on your machine did.
    Yikes. So, I did set up the mounting of /home, which is located on an
    NFS server. But, I don't know what the .hidden directory is.
    The name of the directory ".hidden" implies evil intent. See if you
    can find a check root kit package for
    Centos. Lock down your machine right away and start looking for
    modified RPMs.
    I'll look into what you suggested. Thanks.
  • Allison Maury at Sep 15, 2005 at 2:06 pm

    Sep 15 10:39:53 comp automount[15138]: >> mount:
    server:/home/.hidden failed, reason given by server: Permission denied
    Sep 15 10:39:53 comp automount[15138]: mount(nfs): nfs: mount
    failure server:/home/.hidden on /home/.hidden
    Sep 15 10:39:53 comp automount[15138]: failed to mount /home/.hidden

    What is /home/.hidden? Why can't it be mounted? And, can I simply
    delete it?
    Basically, what is this error from and how can I stop it from
    occurring?

    Thanks in advance for any help.
    The name of the directory ".hidden" implies evil intent. See if you
    can find a check root kit package for
    Centos. Lock down your machine right away and start looking for
    modified RPMs.
    I used rkhunter to check for what evil might be going on. The only
    thing it listed were 2 vulnerable apps that seem to just be "Old or
    patched version" (OpenSSL 0.9.7a and PHP 4.3.9). This doesn't seem like
    the problem (am I wrong?).

    I realize that this is a basic question, but I'm a bit of a newbie. How
    do I go about looking for modified RPMs?

    Thanks!

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedSep 15, '05 at 8:55a
activeSep 15, '05 at 2:06p
posts4
users2
websitecentos.org
irc#centos

2 users in discussion

Allison Maury: 3 posts Ed Clarke: 1 post

People

Translate

site design / logo © 2022 Grokbase