Sometimes it's obvious that you need to go into "emergency mode" and try to preserve your data and rescue your system (for example, if you suffer a complete hard drive failure or if you are unable to boot Linux at all). There are, however, two times when it is desirable to preemptively take drastic action to save your system even though your system still appears to be mostly functional:
Left unchecked, either of these situations can lead to eventual unexpected downtime, data loss, or even data theft. The following sections detail how to spot these types of situations and what to do should they occur.

Recognizing File System Trouble

File system corruption occurs when the organization of the data on your hard drive is unexpectedly damaged, thereby causing Linux to begin to lose track of where some files begin or end, or of which files contain what data. After your file system becomes corrupt, continued access to the disk usually increases the spread of file system corruption, thereby endangering and potentially damaging still more files with every passing minute. A few telltale signs indicate that you are likely beginning to experience file system corruption:
If you believe that you are experiencing file system corruption, follow the steps earlier in this chapter in the "Dealing with Catastrophic Failures" section to start the rescue tool and perform checks on your file systems using e2fsck. Doing this should repair the corruption that has occurred on your file system and make it safe for use again, although any data that was corrupted is lost forever.
If e2fsck is unable to find any problems in your Linux file systems, whatever symptoms you are experiencing are not due to file system corruption. In some cases, they might be due to malicious activity (we deal with this topic in the next section); in other cases, they might simply represent an aspect of the normal functioning of the Linux operating system that is unfamiliar to you.
Recognizing Malicious Network Activity

There is one other type of critical problem that some unfortunate Linux users no doubt experience, particularly those who are connected to busy networks or directly to the Internet. Linux systems are often targeted by hackers or other types of malicious network users. The reason is that most Linux systems on networks are not just PCs, but are typically servers, configured to accept incoming requests while providing important services to many users. In general, Linux should be very good at repelling attacks, especially if you have properly configured your firewall as described in Chapter 30, "Security Basics." However, from time to time, it is inevitable that some attacks are successful. Recognizing the symptoms of having been successfully attacked can help you avoid extensive amounts of data loss or unwilling participation in Internet crimes. As long as your Linux system is connected to a network, you should stay vigilant in watching for all the following:
If you find yourself experiencing any of these symptoms, your system has likely been compromised. Unfortunately, this counts as a catastrophic failure. When a computer system is compromised by a malicious network user, the attacker usually replaces many of the operating system components with modified components, which allow the attacker to steal your data, use your computer in attacks on other computers, or perform other unwanted behavior.

If you think your system has been compromised, you should immediately shut down your computer system to prevent further unknown malicious activity. Boot into rescue as described in "Dealing with Catastrophic Failures" earlier in this chapter, taking care not to enable networking. Save your important data files only (no programs or applications; they might have been replaced by harmful dupes) using the techniques described in "Backing Up and Restoring Your Data" earlier in this chapter. Then reinstall Fedora Core 4 from scratch as described in Part I of this book and restore your data from the backups you made. After your Linux system is running again, review Chapter 30, "Security Basics," and implement the techniques described there. Afterward, refer to Chapter 32, "Keeping Fedora Core Updated," to ensure that all of the latest updates and security measures have been installed on your system.
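
The "data files only" step above can be narrowed mechanically before anything is copied. The following is an added example, not part of the original chapter: the function name list_data_files and its selection rules are this example's own assumptions, and it expects the old file system to be mounted read-only in the rescue environment, with the directory to scan passed as the argument.

```shell
#!/bin/sh
# Added example: print the regular files under a directory that look like
# plain data, leaving out anything that could run as a program.
# Assumption: the directory is on the old system's file system, mounted
# read-only from the rescue environment.

list_data_files() {
    # -xdev      : stay on this file system
    # -type f    : regular files only, so symbolic links are never followed
    # ! -perm ...: leave out files with any execute bit set
    find "$1" -xdev -type f \
        ! \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sh -c '
            for f do
                # Read the first four bytes as hex to check the file type.
                magic=$(head -c 4 "$f" | od -An -tx1 | tr -d " \n")
                case $magic in
                    7f454c46*) continue ;;  # ELF binary, whatever its name
                    2321*)     continue ;;  # script starting with "#!"
                esac
                # Shell startup files are run at login even without an
                # execute bit, so they are left out of the restore as well.
                case ${f##*/} in
                    .bashrc|.bash_profile|.bash_login|.bash_logout|.profile)
                        continue ;;
                esac
                printf "%s\n" "$f"
            done' sh {} +
}

# Usage: sh list_data_files.sh DIRECTORY > files-to-save.txt
if [ $# -gt 0 ]; then
    list_data_files "$1"
fi
```

A file that passes these checks is only a candidate for backup, not a verified-clean file, so review the list before copying and keep the backup separate from any programs you reinstall.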